8.5

CVE-2008-4096

Exploit
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version <= 2.11.9
PhpmyadminPhpmyadmin Version2.0
PhpmyadminPhpmyadmin Version2.0.0
PhpmyadminPhpmyadmin Version2.0.1
PhpmyadminPhpmyadmin Version2.0.2
PhpmyadminPhpmyadmin Version2.0.3
PhpmyadminPhpmyadmin Version2.0.4
PhpmyadminPhpmyadmin Version2.0.5
PhpmyadminPhpmyadmin Version2.1
PhpmyadminPhpmyadmin Version2.1.0
PhpmyadminPhpmyadmin Version2.1.1
PhpmyadminPhpmyadmin Version2.1.2
PhpmyadminPhpmyadmin Version2.10.0
PhpmyadminPhpmyadmin Version2.10.0.0
PhpmyadminPhpmyadmin Version2.10.0.1
PhpmyadminPhpmyadmin Version2.10.0.2
PhpmyadminPhpmyadmin Version2.10.1
PhpmyadminPhpmyadmin Version2.10.01
PhpmyadminPhpmyadmin Version2.10.1.0
PhpmyadminPhpmyadmin Version2.10.2
PhpmyadminPhpmyadmin Version2.10.2.0
PhpmyadminPhpmyadmin Version2.10.3
PhpmyadminPhpmyadmin Version2.10.3.0
PhpmyadminPhpmyadmin Version2.10.3rc1
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.0.0
PhpmyadminPhpmyadmin Version2.11.0beta1
PhpmyadminPhpmyadmin Version2.11.0rc1
PhpmyadminPhpmyadmin Version2.11.1
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.1rc1
PhpmyadminPhpmyadmin Version2.11.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.3rc1
PhpmyadminPhpmyadmin Version2.11.4
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.4rc1
PhpmyadminPhpmyadmin Version2.11.5
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.5rc1
PhpmyadminPhpmyadmin Version2.11.6
PhpmyadminPhpmyadmin Version2.11.6rc1
PhpmyadminPhpmyadmin Version2.11.7
PhpmyadminPhpmyadmin Version2.11.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.18% 0.954
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.5 6.8 10
AV:N/AC:M/Au:S/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/33822
http://www.debian.org/security/2008/dsa-1641
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202
http://fd.the-wildcat.de/pma_e36a091q11.php
http://osvdb.org/48196
http://secunia.com/advisories/31884
Vendor Advisory
http://secunia.com/advisories/31918
http://secunia.com/advisories/32034
http://security.gentoo.org/glsa/glsa-200903-32.xml
http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/
http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html
Patch
http://www.openwall.com/lists/oss-security/2008/09/15/2
Exploit
http://www.openwall.com/lists/oss-security/2008/09/16/2
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
http://www.securityfocus.com/bid/31188
Exploit
http://www.vupen.com/english/advisories/2008/2585
http://www.vupen.com/english/advisories/2008/2619
https://bugzilla.redhat.com/show_bug.cgi?id=462430
https://exchange.xforce.ibmcloud.com/vulnerabilities/45157
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.html