CVE-2008-4096

Exploit

EPSS 12.62%
Published 18.09.2008 15:04:27
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 27

Data is provided by the National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version <= 2.11.9

Phpmyadmin ≫ Phpmyadmin Version2.0

Phpmyadmin ≫ Phpmyadmin Version2.0.0

Phpmyadmin ≫ Phpmyadmin Version2.0.1

Phpmyadmin ≫ Phpmyadmin Version2.0.2

Phpmyadmin ≫ Phpmyadmin Version2.0.3

Phpmyadmin ≫ Phpmyadmin Version2.0.4

Phpmyadmin ≫ Phpmyadmin Version2.0.5

Phpmyadmin ≫ Phpmyadmin Version2.1

Phpmyadmin ≫ Phpmyadmin Version2.1.0

Phpmyadmin ≫ Phpmyadmin Version2.1.1

Phpmyadmin ≫ Phpmyadmin Version2.1.2

Phpmyadmin ≫ Phpmyadmin Version2.10.0

Phpmyadmin ≫ Phpmyadmin Version2.10.0.0

Phpmyadmin ≫ Phpmyadmin Version2.10.0.1

Phpmyadmin ≫ Phpmyadmin Version2.10.0.2

Phpmyadmin ≫ Phpmyadmin Version2.10.1

Phpmyadmin ≫ Phpmyadmin Version2.10.01

Phpmyadmin ≫ Phpmyadmin Version2.10.1.0

Phpmyadmin ≫ Phpmyadmin Version2.10.2

Phpmyadmin ≫ Phpmyadmin Version2.10.2.0

Phpmyadmin ≫ Phpmyadmin Version2.10.3

Phpmyadmin ≫ Phpmyadmin Version2.10.3.0

Phpmyadmin ≫ Phpmyadmin Version2.10.3rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.0

Phpmyadmin ≫ Phpmyadmin Version2.11.0.0

Phpmyadmin ≫ Phpmyadmin Version2.11.0beta1

Phpmyadmin ≫ Phpmyadmin Version2.11.0rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.2

Phpmyadmin ≫ Phpmyadmin Version2.11.1rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2.0

Phpmyadmin ≫ Phpmyadmin Version2.11.2.1

Phpmyadmin ≫ Phpmyadmin Version2.11.2.2

Phpmyadmin ≫ Phpmyadmin Version2.11.3

Phpmyadmin ≫ Phpmyadmin Version2.11.3.0

Phpmyadmin ≫ Phpmyadmin Version2.11.3rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.4

Phpmyadmin ≫ Phpmyadmin Version2.11.4.0

Phpmyadmin ≫ Phpmyadmin Version2.11.4rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.5

Phpmyadmin ≫ Phpmyadmin Version2.11.5.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.2

Phpmyadmin ≫ Phpmyadmin Version2.11.5rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.6

Phpmyadmin ≫ Phpmyadmin Version2.11.6rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.7

Phpmyadmin ≫ Phpmyadmin Version2.11.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.62%	0.937

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://secunia.com/advisories/33822

http://www.debian.org/security/2008/dsa-1641

http://www.mandriva.com/security/advisories?name=MDVSA-2008:202

http://fd.the-wildcat.de/pma_e36a091q11.php

http://osvdb.org/48196

http://secunia.com/advisories/31884

Vendor Advisory

http://secunia.com/advisories/31918

http://secunia.com/advisories/32034

http://security.gentoo.org/glsa/glsa-200903-32.xml

http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/