Lucene search

[email protected]NVD:CVE-2009-1151

HistoryMar 26, 2009 - 2:30 p.m.

CVE-2009-1151

2009-03-2614:30:00

CWE-94

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.799 High

EPSS

Percentile

98.3%

JSON

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Affected configurations

NVD

Node

phpmyadminphpmyadminRange≤3.1.3

phpmyadminphpmyadminMatch2.11.0

phpmyadminphpmyadminMatch2.11.0beta1

phpmyadminphpmyadminMatch2.11.0rc1

phpmyadminphpmyadminMatch2.11.1

phpmyadminphpmyadminMatch2.11.1rc1

phpmyadminphpmyadminMatch2.11.1.0

phpmyadminphpmyadminMatch2.11.1.1

phpmyadminphpmyadminMatch2.11.1.2

phpmyadminphpmyadminMatch2.11.2

phpmyadminphpmyadminMatch2.11.2.0

phpmyadminphpmyadminMatch2.11.2.1

phpmyadminphpmyadminMatch2.11.2.2

phpmyadminphpmyadminMatch2.11.3

phpmyadminphpmyadminMatch2.11.3rc1

phpmyadminphpmyadminMatch2.11.3.0

phpmyadminphpmyadminMatch2.11.4

phpmyadminphpmyadminMatch2.11.4rc1

phpmyadminphpmyadminMatch2.11.5

phpmyadminphpmyadminMatch2.11.5rc1

phpmyadminphpmyadminMatch2.11.5.0

phpmyadminphpmyadminMatch2.11.5.1

phpmyadminphpmyadminMatch2.11.5.2

phpmyadminphpmyadminMatch2.11.6

phpmyadminphpmyadminMatch2.11.6rc1

phpmyadminphpmyadminMatch2.11.6.0

phpmyadminphpmyadminMatch2.11.7

phpmyadminphpmyadminMatch2.11.7.0

phpmyadminphpmyadminMatch2.11.8

phpmyadminphpmyadminMatch2.11.9

phpmyadminphpmyadminMatch2.11.9.0

phpmyadminphpmyadminMatch2.11.9.1

phpmyadminphpmyadminMatch2.11.9.2

phpmyadminphpmyadminMatch2.11.9.3

phpmyadminphpmyadminMatch2.11.9.4

phpmyadminphpmyadminMatch3.1.0

phpmyadminphpmyadminMatch3.1.1

phpmyadminphpmyadminMatch3.1.1rc1

phpmyadminphpmyadminMatch3.1.2

phpmyadminphpmyadminMatch3.1.2rc1

phpmyadminphpmyadminMatch3.1.3rc1

References

labs.neohapsis.com/2009/04/06/about-cve-2009-1151/

lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301

secunia.com/advisories/34430

secunia.com/advisories/34642

secunia.com/advisories/35585

secunia.com/advisories/35635

security.gentoo.org/glsa/glsa-200906-03.xml

www.debian.org/security/2009/dsa-1824

www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/

www.mandriva.com/security/advisories?name=MDVSA-2009:115

www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

www.securityfocus.com/archive/1/504191/100/0/threaded

www.securityfocus.com/bid/34236

www.exploit-db.com/exploits/8921

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.799 High

EPSS

Percentile

98.3%

JSON

CVE-2009-1151

Affected configurations

References

Related