Summary
phpMyAdmin is prone to a remote command execution vulnerability.
Impact
Successful exploitation allows execution of arbitrary commands and possibly compromise of the affected application.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 2.11.9.1 or newer
http://www.phpmyadmin.net/home_page/downloads.php#2.11.9.1
Insight
This issue is caused by the sort_by parameter in server_databases.php not being properly sanitised before use.
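As an added illustration of the flaw class named above (a request parameter used as a sort key without sanitising), the following PHP is constructed for this page and is not phpMyAdmin's own code; the dynamic-code sink in sort_vulnerable, the column names, the sample rows and the allowlist are all assumptions chosen for the demonstration. It places the unsafe pattern beside a hardened version that validates the parameter against a fixed allowlist and never builds code from input.

```php
<?php
// Added illustration, not phpMyAdmin's code: a sort key taken from the request
// is used to order a list of databases. The vulnerable variant shows the
// general anti-pattern (untrusted input reaching a code sink unsanitised);
// the hardened variant validates the value against an allowlist.

// Constructed sample rows, shaped like a database listing (assumed names).
$databases = [
    ['SCHEMA_NAME' => 'shop',    'SCHEMA_TABLES' => 12],
    ['SCHEMA_NAME' => 'blog',    'SCHEMA_TABLES' => 4],
    ['SCHEMA_NAME' => 'archive', 'SCHEMA_TABLES' => 30],
];

// Vulnerable pattern (assumed sink, for illustration only): the raw request
// value is spliced into PHP source that is then evaluated, so the value is
// treated as code rather than as data.
function sort_vulnerable(array $rows, string $sort_by): array {
    $cmp = eval('return function ($a, $b) { return strnatcasecmp('
        . '(string)$a["' . $sort_by . '"], (string)$b["' . $sort_by . '"]); };');
    usort($rows, $cmp);
    return $rows;
}

// Hardened pattern: accept only known column names (assumed allowlist) and
// never generate code from input.
const ALLOWED_SORT_COLUMNS = ['SCHEMA_NAME', 'SCHEMA_TABLES'];

function validate_sort_by(?string $sort_by, string $default = 'SCHEMA_NAME'): string {
    // Strict comparison against the allowlist; anything else falls back to the default.
    return ($sort_by !== null && in_array($sort_by, ALLOWED_SORT_COLUMNS, true))
        ? $sort_by
        : $default;
}

function sort_hardened(array $rows, ?string $sort_by): array {
    $column = validate_sort_by($sort_by);
    // The column name is only ever used as an array key, never as code.
    usort($rows, function (array $a, array $b) use ($column): int {
        return strnatcasecmp((string)$a[$column], (string)$b[$column]);
    });
    return $rows;
}

// Demo: a malformed value is rejected by the hardened path and the default
// column is used; a valid column name is honoured.
$malformed = 'not_a_column"]); /* injected */ //';
print_r(sort_hardened($databases, $malformed));       // ordered by SCHEMA_NAME
print_r(sort_hardened($databases, 'SCHEMA_TABLES'));  // ordered by table count
```

The point of validate_sort_by is that the check is an exact match against a closed set of column names rather than an attempt to strip dangerous characters; any value outside the set, however it is encoded, is replaced by a safe default before it reaches the comparator.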
Affected
phpMyAdmin versions prior to 2.11.9.1 on all platforms
Severity
CVSS Base Score: 8.5
CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Classification
CVE: CVE-2008-4096
Related Vulnerabilities
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Athena Web Registration remote command execution flaw
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- ATutor password reminder SQL injection
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability