QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4024

Published: Nov 28, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2009-11613

vendor-advisory

x_refsource_FEDORA

http://pear.php.net/package/Net_Ping/download/2.4.5

x_refsource_CONFIRM

http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669

x_refsource_CONFIRM

http://pear.php.net/advisory20091114-01.txt

x_refsource_CONFIRM

FEDORA-2009-12156

vendor-advisory

x_refsource_FEDORA

netping-ping-command-execution(54390)

vdb-entry

x_refsource_XF

http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-11523

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.