Description

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Remediation

References

CVE-2012-5159

Related Vulnerabilities

Oracle JRE CVE-2013-1518 Vulnerability (CVE-2013-1518)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5882)

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4825)

WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)

WordPress Plugin Zingiri Web Shop Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (2.3.5)

Severity

High

Classification

CVE-2012-5159 CWE-94

Tags

Missing Update Known Vulnerabilities