CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-1151

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score27.8200%
EPSS Percentile89.78th
Published2009年3月26日
Last Modified2026年4月22日

Vulnerability Description

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Affected Platforms (CPE)

📦
Phpmyadmin

Phpmyadmin

>= 2.11.0 and < 2.11.9.5
📦
Phpmyadmin

Phpmyadmin

>= 3.0.0 and < 3.1.3.1
💻
Debian

Debian Linux

= 4.0
💻
Debian

Debian Linux

= 5.0

References & Advisories

🔗 http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
🔗 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
🔗 http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
🔗 http://secunia.com/advisories/34430
🔗 http://secunia.com/advisories/34642
🔗 http://secunia.com/advisories/35585
🔗 http://secunia.com/advisories/35635
🔗 http://security.gentoo.org/glsa/glsa-200906-03.xml

相關漏洞威脅

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2008-725110.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow...

CVE-2004-114710.0

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute a...

CVE-2008-725210.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp...