CVE

CVE-2009-1151
Date: (C)2009-03-26   (M)2019-06-12


Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/archive/1/504191/100/0/threaded
BID-34236
SECUNIA-34430
SECUNIA-34642
SECUNIA-35585
SECUNIA-35635
EXPLOIT-DB-8921
DSA-1824
GLSA-200906-03
MDVSA-2009:115
SUSE-SR:2009:008
http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

CPE    25
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:3.1.2:rc1
cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
...
CWE    1
CWE-94
OVAL    2
oval:org.secpod.oval:def:600355
oval:org.mitre.oval:def:7579

© SecPod Technologies