Description
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)
Oracle Database Server CVE-2013-3789 Vulnerability (CVE-2013-3789)
Oracle JRE CVE-2012-0500 Vulnerability (CVE-2012-0500)
PHP Other Vulnerability (CVE-2004-1020)
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-6370)