Description

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

Remediation

References

CVE-2009-1285

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2023-37300)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)

WordPress Plugin Leaflet Maps Marker Pro (Google Maps, OpenStreetMap, Bing Maps) Multiple Cross-Site Scripting Vulnerabilities (2.3)

Internet Information Services Other Vulnerability (CVE-1999-0278)

WordPress Plugin Zedity:The Easiest Way To Create Posts & Pages Cross-Site Scripting (2.5.0)

Severity

High

Classification

CVE-2009-1285 CWE-94

Tags

Missing Update Known Vulnerabilities