7.5
CVE-2009-1285
- EPSS 10.91%
- Veröffentlicht 16.04.2009 15:12:57
- Zuletzt bearbeitet 16.06.2026 23:06:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version3.0.0
Phpmyadmin ≫ Phpmyadmin Version3.0.1
Phpmyadmin ≫ Phpmyadmin Version3.1.0
Phpmyadmin ≫ Phpmyadmin Version3.1.0.0
Phpmyadmin ≫ Phpmyadmin Version3.1.1
Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.2
Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.3
Phpmyadmin ≫ Phpmyadmin Version3.1.3 Update1
Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.91% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342
http://secunia.com/advisories/34727
http://secunia.com/advisories/34741
http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
http://www.securityfocus.com/bid/34526
http://www.vupen.com/english/advisories/2009/1045
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00452.html