Lucene search

[email protected]CVE-2008-4096

HistorySep 18, 2008 - 3:04 p.m.

CVE-2008-4096

2008-09-1815:04:27

CWE-20

[email protected]

web.nvd.nist.gov

phpmyadmin

code execution

remote authentication

security vulnerability

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.1

Confidence

High

EPSS

0.078

Percentile

94.2%

JSON

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Affected configurations

NVD

Node

phpmyadminphpmyadminRange≤2.11.9

phpmyadminphpmyadminMatch2.0

phpmyadminphpmyadminMatch2.0.0

phpmyadminphpmyadminMatch2.0.1

phpmyadminphpmyadminMatch2.0.2

phpmyadminphpmyadminMatch2.0.3

phpmyadminphpmyadminMatch2.0.4

phpmyadminphpmyadminMatch2.0.5

phpmyadminphpmyadminMatch2.1

phpmyadminphpmyadminMatch2.1.0

phpmyadminphpmyadminMatch2.1.1

phpmyadminphpmyadminMatch2.1.2

phpmyadminphpmyadminMatch2.10.0

phpmyadminphpmyadminMatch2.10.0.0

phpmyadminphpmyadminMatch2.10.0.1

phpmyadminphpmyadminMatch2.10.0.2

phpmyadminphpmyadminMatch2.10.1

phpmyadminphpmyadminMatch2.10.01

phpmyadminphpmyadminMatch2.10.1.0

phpmyadminphpmyadminMatch2.10.2

phpmyadminphpmyadminMatch2.10.2.0

phpmyadminphpmyadminMatch2.10.3

phpmyadminphpmyadminMatch2.10.3.0

phpmyadminphpmyadminMatch2.10.3rc1

phpmyadminphpmyadminMatch2.11.0

phpmyadminphpmyadminMatch2.11.0.0

phpmyadminphpmyadminMatch2.11.0beta1

phpmyadminphpmyadminMatch2.11.0rc1

phpmyadminphpmyadminMatch2.11.1

phpmyadminphpmyadminMatch2.11.1.0

phpmyadminphpmyadminMatch2.11.1.1

phpmyadminphpmyadminMatch2.11.1.2

phpmyadminphpmyadminMatch2.11.1rc1

phpmyadminphpmyadminMatch2.11.2

phpmyadminphpmyadminMatch2.11.2.0

phpmyadminphpmyadminMatch2.11.2.1

phpmyadminphpmyadminMatch2.11.2.2

phpmyadminphpmyadminMatch2.11.3

phpmyadminphpmyadminMatch2.11.3.0

phpmyadminphpmyadminMatch2.11.3rc1

phpmyadminphpmyadminMatch2.11.4

phpmyadminphpmyadminMatch2.11.4.0

phpmyadminphpmyadminMatch2.11.4rc1

phpmyadminphpmyadminMatch2.11.5

phpmyadminphpmyadminMatch2.11.5.0

phpmyadminphpmyadminMatch2.11.5.1

phpmyadminphpmyadminMatch2.11.5.2

phpmyadminphpmyadminMatch2.11.5rc1

phpmyadminphpmyadminMatch2.11.6

phpmyadminphpmyadminMatch2.11.6rc1

phpmyadminphpmyadminMatch2.11.7

phpmyadminphpmyadminMatch2.11.8

VendorProductVersionCPE
phpmyadminphpmyadmin2.11.1.2cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2:::
phpmyadminphpmyadmin2.11.5rc1cpe:/a:phpmyadmin:phpmyadmin:2.11.5rc1:::
phpmyadminphpmyadmin2.11.7cpe:/a:phpmyadmin:phpmyadmin:2.11.7:::
phpmyadminphpmyadmin2.10.0.0cpe:/a:phpmyadmin:phpmyadmin:2.10.0.0:::
phpmyadminphpmyadmin2.11.0beta1cpe:/a:phpmyadmin:phpmyadmin:2.11.0beta1:::
phpmyadminphpmyadmin2.11.1rc1cpe:/a:phpmyadmin:phpmyadmin:2.11.1rc1:::
phpmyadminphpmyadmin2.11.2.1cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1:::
phpmyadminphpmyadmin2.11.3cpe:/a:phpmyadmin:phpmyadmin:2.11.3:::
phpmyadminphpmyadmin2.10.0.1cpe:/a:phpmyadmin:phpmyadmin:2.10.0.1:::
phpmyadminphpmyadmin2.11.2.2cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.11.1.2	cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2:::
phpmyadmin	phpmyadmin	2.11.5rc1	cpe:/a:phpmyadmin:phpmyadmin:2.11.5rc1:::
phpmyadmin	phpmyadmin	2.11.7	cpe:/a:phpmyadmin:phpmyadmin:2.11.7:::
phpmyadmin	phpmyadmin	2.10.0.0	cpe:/a:phpmyadmin:phpmyadmin:2.10.0.0:::
phpmyadmin	phpmyadmin	2.11.0beta1	cpe:/a:phpmyadmin:phpmyadmin:2.11.0beta1:::
phpmyadmin	phpmyadmin	2.11.1rc1	cpe:/a:phpmyadmin:phpmyadmin:2.11.1rc1:::
phpmyadmin	phpmyadmin	2.11.2.1	cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1:::
phpmyadmin	phpmyadmin	2.11.3	cpe:/a:phpmyadmin:phpmyadmin:2.11.3:::
phpmyadmin	phpmyadmin	2.10.0.1	cpe:/a:phpmyadmin:phpmyadmin:2.10.0.1:::
phpmyadmin	phpmyadmin	2.11.2.2	cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2:::