phpMyAdmin: Improper Control of Generation of Code ('Code Injection') (CVE-2009-1285)

Back to Search

phpMyAdmin: Improper Control of Generation of Code ('Code Injection') (CVE-2009-1285)

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

04/16/2009

Created

07/25/2018

Added

05/04/2017

Modified

10/16/2019

Description

Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

Solution(s)

phpmyadmin-upgrade-latest

References

https://attackerkb.com/topics/cve-2009-1285
34526
CVE - 2009-1285
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342
http://secunia.com/advisories/34727
http://secunia.com/advisories/34741
http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
http://www.securityfocus.com/bid/34526
http://www.vupen.com/english/advisories/2009/1045
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00452.html

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

phpMyAdmin: Improper Control of Generation of Code ('Code Injection') (CVE-2009-1285)