Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2008-4096
Last Modified: 07 Mar 2011 10:11:56
Published: 18 Sep 2008 11:04:27
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2008-4096

Summary

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Vulnerable Systems

Application

  • Phpmyadmin 2.0

  • Phpmyadmin 2.0.0

  • Phpmyadmin 2.0.1

  • Phpmyadmin 2.0.2

  • Phpmyadmin 2.0.3

  • Phpmyadmin 2.0.4

  • Phpmyadmin 2.0.5

  • Phpmyadmin 2.1

  • Phpmyadmin 2.1.0

  • Phpmyadmin 2.1.1

  • Phpmyadmin 2.1.2

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.01

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.1.0

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.2.0

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3.0

  • Phpmyadmin 2.10.3rc1

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.0.0

  • Phpmyadmin 2.11.0beta1

  • Phpmyadmin 2.11.0rc1

  • Phpmyadmin 2.11.1

  • Phpmyadmin 2.11.1.0

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.1rc1

  • Phpmyadmin 2.11.2

  • Phpmyadmin 2.11.2.0

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3

  • Phpmyadmin 2.11.3.0

  • Phpmyadmin 2.11.3rc1

  • Phpmyadmin 2.11.4

  • Phpmyadmin 2.11.4.0

  • Phpmyadmin 2.11.4rc1

  • Phpmyadmin 2.11.5

  • Phpmyadmin 2.11.5.0

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.5.2

  • Phpmyadmin 2.11.5rc1

  • Phpmyadmin 2.11.6

  • Phpmyadmin 2.11.6rc1

  • Phpmyadmin 2.11.7

  • Phpmyadmin 2.11.8

  • Phpmyadmin 2.11.9


References

MLIST - [phpmyadmin-news] 20080915 phpMyAdmin 2.11.9.1 is released

FEDORA - FEDORA-2008-8370

FEDORA - FEDORA-2008-8335

FEDORA - FEDORA-2008-8286

FEDORA - FEDORA-2008-8269

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=462430

XF - phpmyadmin-serverdatabases-code-execution(45157)

VUPEN - ADV-2008-2619

VUPEN - ADV-2008-2585

BID - 31188

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7

MLIST - [oss-security] 20080915 Re: phpMyAdmin code execution (CVE request)

MLIST - [oss-security] 20080915 phpMyAdmin code execution (CVE request)

MANDRIVA - MDVSA-2008:202

DEBIAN - DSA-1641

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/

GENTOO - GLSA-200903-32

SECUNIA - 33822

SECUNIA - 32034

SECUNIA - 31918

SECUNIA - 31884

OSVDB - 48196

SUSE - SUSE-SR:2009:003

MISC - http://fd.the-wildcat.de/pma_e36a091q11.php


Last Updated: 27 May 2016 10:48:23