Jbmc-software » Directadmin » 1.275 : Security Vulnerabilities, CVEs,
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Max CVSS
6.9
EPSS Score
0.05%
Published
2009-05-05
Updated
2010-03-29
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
Max CVSS
8.5
EPSS Score
0.57%
Published
2009-05-05
Updated
2017-08-17
2 vulnerabilities found