This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: PHPMoAdmin's `moadmin.php` has an **OS Command Injection** flaw.
**Consequences**: Attackers can execute **arbitrary commands** on the server via the `object` parameter.…
**Root Cause**: The `saveObject` function fails to sanitize input.
**Flaw**: It accepts **shell meta-characters** in the `object` parameter, allowing command injection.…
**Threshold**: **LOW**.
**Auth**: Described as **Unauthorized** Remote Code Execution.
**Config**: Exploitable via the `object` parameter directly. No complex setup needed.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**.
**Sources**: Exploit-DB **#36251**, PacketStorm, and GitHub PoC available.
**Status**: Wildly exploitable since 2015.
Q7 How to self-check? (Features/Scanning)
**Self-Check**: Scan for **PHPMoAdmin 1.1.2**.
**Feature**: Look for `moadmin.php` endpoints.
**Tools**: Use Shodan or Nmap scripts to detect the specific version string.
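A complementary self-check from the server side, as an added example that is not part of the original analysis: triage your own web access logs for requests that reach `moadmin.php` and flag any `object` query value carrying shell meta-characters. The log lines, the combined log format, the meta-character set and the verdict labels are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.11 - - [01/Mar/2024:10:00:05 +0000] "GET /tools/moadmin.php?db=test HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Mar/2024:10:00:09 +0000] "GET /moadmin.php?object=a%7Cb HTTP/1.1" 200 90 "-" "curl/8.0"
192.0.2.13 - - [01/Mar/2024:10:00:12 +0000] "POST /moadmin.php HTTP/1.1" 200 90 "-" "curl/8.0"
"""

# client, method, request target, status from a combined-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed set of shell meta-characters; adjust to your own policy.
SHELL_META = re.compile(r"[;|&`$<>(){}\n]")


def triage(log_text):
    """Return (client, method, path, verdict) for every hit on moadmin.php."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/moadmin.php"):
            continue
        # parse_qs percent-decodes values, so encoded meta-characters are caught
        values = parse_qs(url.query, keep_blank_values=True).get("object", [])
        if any(SHELL_META.search(v) for v in values):
            verdict = "object-with-metachar"
        elif method == "POST":
            # Access logs do not record POST bodies: needs manual review
            verdict = "post-body-not-logged"
        else:
            verdict = "endpoint-exposed"
        findings.append((client, method, url.path, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Any finding at all means the endpoint is reachable; the verdict only ranks which requests to review first.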
**Urgency**: **CRITICAL** (if still in use).
**Priority**: **P0**.
**Reason**: It is an **unauthenticated RCE** with **public exploits**.…