Description

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

Remediation

References

CVE-2009-1285

Related Vulnerabilities

WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-2231)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18358)

WordPress Plugin SecuPress Free-WordPress Security Security Bypass (1.4.13)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9848)

Severity

High

Classification

CVE-2009-1285 CWE-94

Tags

Missing Update Known Vulnerabilities