Description

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

Remediation

References

CVE-2009-1285

Related Vulnerabilities

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

MySQL CVE-2012-0113 Vulnerability (CVE-2012-0113)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0300)

WordPress Plugin WP Data Access Privilege Escalation (5.3.7)

MySQL CVE-2018-3161 Vulnerability (CVE-2018-3161)

Severity

High

Classification

CVE-2009-1285 CWE-94

Tags

Missing Update Known Vulnerabilities