CVE-2008-4096

2008-09-1815:04:27

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

EPSS

0.078

Percentile

94.2%

JSON

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:2.11.8.1-2phpmyadmin_4:2.11.8.1-2_all.deb
Debian11allphpmyadmin< 4:2.11.8.1-2phpmyadmin_4:2.11.8.1-2_all.deb
Debian999allphpmyadmin< 4:2.11.8.1-2phpmyadmin_4:2.11.8.1-2_all.deb
Debian13allphpmyadmin< 4:2.11.8.1-2phpmyadmin_4:2.11.8.1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:2.11.8.1-2	phpmyadmin_4:2.11.8.1-2_all.deb
Debian	11	all	phpmyadmin	< 4:2.11.8.1-2	phpmyadmin_4:2.11.8.1-2_all.deb
Debian	999	all	phpmyadmin	< 4:2.11.8.1-2	phpmyadmin_4:2.11.8.1-2_all.deb
Debian	13	all	phpmyadmin	< 4:2.11.8.1-2	phpmyadmin_4:2.11.8.1-2_all.deb