CVE-2015-2208

EXPLOITED

Avinu Phpmoadmin - Command Injection

Title source: rule

Description

The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.

Exploits (4)

exploitdb WORKING POC
by @u0x · textwebappsphp
https://www.exploit-db.com/exploits/36251
nomisec WORKING POC 2 stars
by ptantiku · poc
https://github.com/ptantiku/cve-2015-2208
metasploit WORKING POC EXCELLENT
rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmoadmin_exec.rb

References (5)

Scores

EPSS 0.8812
EPSS Percentile 99.5%

Details

VulnCheck KEV 2020-12-01
CWE
CWE-77
Status published
Products (1)
avinu/phpmoadmin 1.1.2
Published Mar 12, 2015
Tracked Since Feb 18, 2026