CVE-2008-4096

Exploit

EPSS 12.62%
Veröffentlicht 18.09.2008 15:04:27
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version <= 2.11.9

Phpmyadmin ≫ Phpmyadmin Version2.0

Phpmyadmin ≫ Phpmyadmin Version2.0.0

Phpmyadmin ≫ Phpmyadmin Version2.0.1

Phpmyadmin ≫ Phpmyadmin Version2.0.2

Phpmyadmin ≫ Phpmyadmin Version2.0.3

Phpmyadmin ≫ Phpmyadmin Version2.0.4

Phpmyadmin ≫ Phpmyadmin Version2.0.5

Phpmyadmin ≫ Phpmyadmin Version2.1

Phpmyadmin ≫ Phpmyadmin Version2.1.0

Phpmyadmin ≫ Phpmyadmin Version2.1.1

Phpmyadmin ≫ Phpmyadmin Version2.1.2

Phpmyadmin ≫ Phpmyadmin Version2.10.0

Phpmyadmin ≫ Phpmyadmin Version2.10.0.0

Phpmyadmin ≫ Phpmyadmin Version2.10.0.1

Phpmyadmin ≫ Phpmyadmin Version2.10.0.2

Phpmyadmin ≫ Phpmyadmin Version2.10.1

Phpmyadmin ≫ Phpmyadmin Version2.10.01

Phpmyadmin ≫ Phpmyadmin Version2.10.1.0

Phpmyadmin ≫ Phpmyadmin Version2.10.2

Phpmyadmin ≫ Phpmyadmin Version2.10.2.0

Phpmyadmin ≫ Phpmyadmin Version2.10.3

Phpmyadmin ≫ Phpmyadmin Version2.10.3.0

Phpmyadmin ≫ Phpmyadmin Version2.10.3rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.0

Phpmyadmin ≫ Phpmyadmin Version2.11.0.0

Phpmyadmin ≫ Phpmyadmin Version2.11.0beta1

Phpmyadmin ≫ Phpmyadmin Version2.11.0rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.2

Phpmyadmin ≫ Phpmyadmin Version2.11.1rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2.0

Phpmyadmin ≫ Phpmyadmin Version2.11.2.1

Phpmyadmin ≫ Phpmyadmin Version2.11.2.2

Phpmyadmin ≫ Phpmyadmin Version2.11.3

Phpmyadmin ≫ Phpmyadmin Version2.11.3.0

Phpmyadmin ≫ Phpmyadmin Version2.11.3rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.4

Phpmyadmin ≫ Phpmyadmin Version2.11.4.0

Phpmyadmin ≫ Phpmyadmin Version2.11.4rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.5

Phpmyadmin ≫ Phpmyadmin Version2.11.5.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.2

Phpmyadmin ≫ Phpmyadmin Version2.11.5rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.6

Phpmyadmin ≫ Phpmyadmin Version2.11.6rc1

Phpmyadmin ≫ Phpmyadmin Version2.11.7

Phpmyadmin ≫ Phpmyadmin Version2.11.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.62%	0.937

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

http://secunia.com/advisories/33822

http://www.debian.org/security/2008/dsa-1641

http://www.mandriva.com/security/advisories?name=MDVSA-2008:202

http://fd.the-wildcat.de/pma_e36a091q11.php

http://osvdb.org/48196

http://secunia.com/advisories/31884

Vendor Advisory

http://secunia.com/advisories/31918

http://secunia.com/advisories/32034

http://security.gentoo.org/glsa/glsa-200903-32.xml

http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/