1. Vulnerability description
Insufficient output sanitizing when generating the configuration file.
phpMyAdmin is a web-based MySQL administration tool written in PHP.
The phpMyAdmin setup script is used to generate the configuration. If a remote attacker submits a specially crafted POST request to this script, the generated config.inc.php configuration file may contain arbitrary PHP code. Because the configuration file is saved to the server, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP code.
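An added illustration of the bug class described above (not phpMyAdmin's code and not taken from the advisory): a generator that pastes request data into PHP source, next to a hardened one. The function names, the `$cfg` layout and the sample input are assumptions made for this example.

```php
<?php
// Added illustration; not phpMyAdmin's code. All function names are hypothetical.

// Unsafe pattern: request data is pasted into PHP source verbatim, so a key or
// value containing a quote ends the string literal and the rest is parsed as code.
function render_config_unsafe(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        $out .= "\$cfg['$key'] = '$value';\n";
    }
    return $out;
}

// Hardened pattern: keys must match a strict allowlist pattern, values must be
// scalars, and var_export() emits each one as a correctly escaped PHP literal.
function render_config_safe(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        if (!is_string($key) || !preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/D', $key)) {
            throw new InvalidArgumentException('rejected config key');
        }
        if (!is_scalar($value)) {
            throw new InvalidArgumentException('rejected config value');
        }
        $out .= "\$cfg[" . var_export($key, true) . "] = " . var_export($value, true) . ";\n";
    }
    return $out;
}

// Constructed sample input standing in for POST data; the marker text is inert.
$posted = ['host' => "localhost'; /* injected statement */ //", 'port' => 3306];

echo render_config_unsafe($posted); // the quote in 'host' closes the literal early
echo render_config_safe($posted);   // the same quote is emitted escaped, inside the literal

// A key that tries to break out of the array index is refused outright.
try {
    render_config_safe(["x'] = 1; /* injected */ //" => 'v']);
} catch (InvalidArgumentException $e) {
    echo "key rejected: ", $e->getMessage(), "\n";
}
```

Comparing the two outputs for the `host` entry shows the difference: in the unsafe output the text after the embedded quote sits outside the string literal, while in the hardened output it stays inside it.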
Relevant links:
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://cwe.mitre.org/data/definitions/661.html
http://sebug.net/vuldb/ssvid-11665
http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
2. Vulnerability trigger condition
To use this vulnerability to attack a server, an attacker needs to meet several necessary conditions