CVE-2009-1525

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

Date published : 2009-05-05

http://www.directadmin.com/features.php?id=968

http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html