8.5
CVE-2008-4096
- EPSS 11.18%
- Veröffentlicht 18.09.2008 15:04:27
- Zuletzt bearbeitet 16.06.2026 22:57:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version <= 2.11.9
Phpmyadmin ≫ Phpmyadmin Version2.0
Phpmyadmin ≫ Phpmyadmin Version2.0.0
Phpmyadmin ≫ Phpmyadmin Version2.0.1
Phpmyadmin ≫ Phpmyadmin Version2.0.2
Phpmyadmin ≫ Phpmyadmin Version2.0.3
Phpmyadmin ≫ Phpmyadmin Version2.0.4
Phpmyadmin ≫ Phpmyadmin Version2.0.5
Phpmyadmin ≫ Phpmyadmin Version2.1
Phpmyadmin ≫ Phpmyadmin Version2.1.0
Phpmyadmin ≫ Phpmyadmin Version2.1.1
Phpmyadmin ≫ Phpmyadmin Version2.1.2
Phpmyadmin ≫ Phpmyadmin Version2.10.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.0
Phpmyadmin ≫ Phpmyadmin Version2.10.0.1
Phpmyadmin ≫ Phpmyadmin Version2.10.0.2
Phpmyadmin ≫ Phpmyadmin Version2.10.1
Phpmyadmin ≫ Phpmyadmin Version2.10.01
Phpmyadmin ≫ Phpmyadmin Version2.10.1.0
Phpmyadmin ≫ Phpmyadmin Version2.10.2
Phpmyadmin ≫ Phpmyadmin Version2.10.2.0
Phpmyadmin ≫ Phpmyadmin Version2.10.3
Phpmyadmin ≫ Phpmyadmin Version2.10.3.0
Phpmyadmin ≫ Phpmyadmin Version2.10.3rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0.0
Phpmyadmin ≫ Phpmyadmin Version2.11.0beta1
Phpmyadmin ≫ Phpmyadmin Version2.11.0rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.0
Phpmyadmin ≫ Phpmyadmin Version2.11.1.1
Phpmyadmin ≫ Phpmyadmin Version2.11.1.2
Phpmyadmin ≫ Phpmyadmin Version2.11.1rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.2
Phpmyadmin ≫ Phpmyadmin Version2.11.2.0
Phpmyadmin ≫ Phpmyadmin Version2.11.2.1
Phpmyadmin ≫ Phpmyadmin Version2.11.2.2
Phpmyadmin ≫ Phpmyadmin Version2.11.3
Phpmyadmin ≫ Phpmyadmin Version2.11.3.0
Phpmyadmin ≫ Phpmyadmin Version2.11.3rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.4
Phpmyadmin ≫ Phpmyadmin Version2.11.4.0
Phpmyadmin ≫ Phpmyadmin Version2.11.4rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.5
Phpmyadmin ≫ Phpmyadmin Version2.11.5.0
Phpmyadmin ≫ Phpmyadmin Version2.11.5.1
Phpmyadmin ≫ Phpmyadmin Version2.11.5.2
Phpmyadmin ≫ Phpmyadmin Version2.11.5rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.6
Phpmyadmin ≫ Phpmyadmin Version2.11.6rc1
Phpmyadmin ≫ Phpmyadmin Version2.11.7
Phpmyadmin ≫ Phpmyadmin Version2.11.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.18% | 0.954 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.5 | 6.8 | 10 |
AV:N/AC:M/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/33822
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://fd.the-wildcat.de/pma_e36a091q11.php
http://osvdb.org/48196
http://secunia.com/advisories/31884
http://secunia.com/advisories/31918
http://secunia.com/advisories/32034
http://security.gentoo.org/glsa/glsa-200903-32.xml
http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/
http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html
http://www.openwall.com/lists/oss-security/2008/09/15/2
http://www.openwall.com/lists/oss-security/2008/09/16/2
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
http://www.securityfocus.com/bid/31188
http://www.vupen.com/english/advisories/2008/2585
http://www.vupen.com/english/advisories/2008/2619
https://bugzilla.redhat.com/show_bug.cgi?id=462430
https://exchange.xforce.ibmcloud.com/vulnerabilities/45157
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.html