PhpMyAdmin Configuration File PHP Code Injection Vulnerability Network Vulnerability

Summary

According to its version number, the remote version of phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. phpMyAdmin 3.x versions prior to 3.1.3.2 are vulnerable.

Solution

Vendor updates are available. Please see http://www.phpmyadmin.net for more Information.

References

http://www.securityfocus.com/bid/34526

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1285

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Archiva Multiple Remote Command Execution Vulnerabilities
Allegro RomPager `Misfortune Cookie` Vulnerability
Artmedic Kleinanzeigen File Inclusion Vulnerability
ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities

phpMyAdmin Configuration File PHP Code Injection Vulnerability

Take action and discover your vulnerabilities