CVE-2009-1525 Details

Published: 2009-05-05
Last Modified: 2017-08-17
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Analysis
Common Vulnerability Score System v2.0

Severity: High
Base Score: 8.5/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete
Vector String: AV:N/AC:M/Au:S/C:C/I:C/A:C

Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:a:jbmc-software:directadmin:0.95:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.01:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.1:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.02:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.2:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.03:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.3:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.04:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.05:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.06:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.07:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.08:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.09:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.11:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.12:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.13:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.14:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.15:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.16:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.17:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.18:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.19:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.21:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.22:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.23:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.24:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.25:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.26:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.27:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.28:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.29:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.31:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.32:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.33:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.081:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.111:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.121:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.151:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.152:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.161:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.171:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.172:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.173:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.174:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.181:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.192:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.193:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.195:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.196:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.201:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.202:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.203:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.204:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.205:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.206:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.207:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.211:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.212:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.213:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.221:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.222:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.223:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.224:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.225:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.226:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.231:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.232:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.233:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.234:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.235:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.241:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.242:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.243:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.244:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.251:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.252:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.253:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.254:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.255:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.261:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.262:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.263:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.264:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.265:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.266:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.273:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.274:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.275:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.281:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.282:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.285:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.286:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.291:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.292:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.293:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.294:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.295:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.296:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.297:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.301:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.302:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.311:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.312:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.313:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.314:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.315:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.321:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.322:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.323:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.331:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.332:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.1741:*:*:*:*:*:*:* Yes - -
cpe:2.3:a:jbmc-software:directadmin:1.1941:*:*:*:*:*:*:* Yes - -
References

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html
http://osvdb.org/54015
http://secunia.com/advisories/34861
http://www.directadmin.com/features.php?id=968
https://exchange.xforce.ibmcloud.com/vulnerabilities/50167

CVE ID: CVE-2009-1525
Published: 2009-05-05
Modified: 2017-08-17
CVSSv2.0: High
PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-20
