CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1151

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score27.8200%
EPSS Percentile89.78th
PublishedMar 26, 2009
Last ModifiedApr 22, 2026

Vulnerability Description

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Affected Platforms (CPE)

πŸ“¦
Phpmyadmin

Phpmyadmin

>= 2.11.0 and < 2.11.9.5
πŸ“¦
Phpmyadmin

Phpmyadmin

>= 3.0.0 and < 3.1.3.1
πŸ’»
Debian

Debian Linux

= 4.0
πŸ’»
Debian

Debian Linux

= 5.0

References & Advisories

πŸ”— http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
πŸ”— http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
πŸ”— http://secunia.com/advisories/34430
πŸ”— http://secunia.com/advisories/34642
πŸ”— http://secunia.com/advisories/35585
πŸ”— http://secunia.com/advisories/35635
πŸ”— http://security.gentoo.org/glsa/glsa-200906-03.xml

Related Vulnerabilities

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2008-725110.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow...

CVE-2004-114710.0

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute a...

CVE-2008-725210.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp...