CVE-2009-1525

Published: May 5, 2009Modified: Dec 16, 2025

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Affected (1)

Products: Directadmin: Directadmin

Directadmin

1 product

Directadmin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Directadmin Directadmin	Before 1.33.4

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html

Source: cve@mitre.org

ExploitBroken Link

http://osvdb.org/54015

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34861

Source: cve@mitre.org

Vendor Advisory

http://www.directadmin.com/features.php?id=968

Source: cve@mitre.org

Vendor AdvisoryRelease Notes

https://exchange.xforce.ibmcloud.com/vulnerabilities/50167

Source: cve@mitre.org

Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html