Summary
phpMyAdmin is prone to a remote command execution vulnerability.
Impact
Successful exploitation allows execution of arbitrary commands and possibly compromise of the affected application.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 2.11.9.1 or newer
http://www.phpmyadmin.net/home_page/downloads.php#2.11.9.1
Insight
This issue is caused by the sort_by parameter in server_databases.php, which is not properly sanitised before being used.
Affected
phpMyAdmin versions prior to 2.11.9.1 on all platforms
Severity
Classification
CVE: CVE-2008-4096
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C