Description

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Remediation

References

CVE-2008-4096

Related Vulnerabilities

WordPress Plugin WP Idea Stream Cross-Site Scripting (2.1.1)

WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)

WordPress Plugin Age Verification 'redirect_to' Parameter URI Redirection (0.4)

WordPress Plugin WP-Polls SQL Injection (2.61)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.14)

Severity

High

Classification

CVE-2008-4096 CWE-20

Tags

Missing Update Known Vulnerabilities