Description

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Remediation

References

CVE-2008-4096

Related Vulnerabilities

Drupal Core 8.7.4 Security Bypass (8.7.4)

Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492)

SharePoint CVE-2021-31171 Vulnerability (CVE-2021-31171)

MySQL CVE-2020-14785 Vulnerability (CVE-2020-14785)

WordPress Plugin MW Font Changer Cross-Site Scripting (4.2.5)

Severity

High

Classification

CVE-2008-4096 CWE-20

Tags

Missing Update Known Vulnerabilities