CVE-2009-1151 Information

Feb 14, 2021 cve

Description

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Reference

http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 http://secunia.com/advisories/34430 http://secunia.com/advisories/34642 http://secunia.com/advisories/35585 http://secunia.com/advisories/35635 http://security.gentoo.org/glsa/glsa-200906-03.xml http://www.debian.org/security/2009/dsa-1824 http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ http://www.mandriva.com/security/advisories?name=MDVSA-2009:115 http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php http://www.securityfocus.com/archive/1/504191/100/0/threaded http://www.securityfocus.com/bid/34236 https://www.exploit-db.com/exploits/8921

Share on: