CVE-2009-1525

DirectAdmin < 1.33.4 - Authenticated Privilege Escalation via Shell Metacharacters in Restore Name Parameter

Title source: llm
STIX 2.1

Description

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

References (5)

Core 5
Core References
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/54015
Exploit, Broken Link mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html
Third Party Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50167
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34861
Vendor Advisory, Release Notes x_refsource_confirm
http://www.directadmin.com/features.php?id=968

Scores

EPSS 0.0246
EPSS Percentile 82.6%

Details

CWE
CWE-20
Status published
Products (1)
directadmin/directadmin < 1.33.4
Published May 05, 2009
Tracked Since Feb 18, 2026