CVE-2004-1147 | Vulnerability Database | Aqua Security

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

Affected Software

Name	Vendor	Start Version	End Version
Phpmyadmin	Phpmyadmin	2.4.0 (including)	2.4.0 (including)
Phpmyadmin	Phpmyadmin	2.5.0 (including)	2.5.0 (including)
Phpmyadmin	Phpmyadmin	2.5.1 (including)	2.5.1 (including)
Phpmyadmin	Phpmyadmin	2.5.2 (including)	2.5.2 (including)
Phpmyadmin	Phpmyadmin	2.5.4 (including)	2.5.4 (including)
Phpmyadmin	Phpmyadmin	2.5.5 (including)	2.5.5 (including)
Phpmyadmin	Phpmyadmin	2.5.5_pl1 (including)	2.5.5_pl1 (including)
Phpmyadmin	Phpmyadmin	2.5.5_rc1 (including)	2.5.5_rc1 (including)
Phpmyadmin	Phpmyadmin	2.5.5_rc2 (including)	2.5.5_rc2 (including)
Phpmyadmin	Phpmyadmin	2.5.6_rc1 (including)	2.5.6_rc1 (including)
Phpmyadmin	Phpmyadmin	2.5.7 (including)	2.5.7 (including)
Phpmyadmin	Phpmyadmin	2.5.7_pl1 (including)	2.5.7_pl1 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl1 (including)	2.6.0_pl1 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl2 (including)	2.6.0_pl2 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl3 (including)	2.6.0_pl3 (including)

References

http://marc.info/?l=bugtraq\u0026m=110295781828323\u0026w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18441

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1147
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html