phpmyadmin

2008-09-21

Page content

Vulnerable: 2.11.8.1-1
Unaffected: 2.11.9.1-1solaria1

Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the “sort_by” parameter in server_databases.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.

Bug Tracker URL: http://bugs.frugalware.org/task/3352

CVEs:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096