Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2008-4096

Published: 18/09/2008 Updated: 08/08/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Phpmyadmin

Vulnerability Summary

libraries/database_interface.lib.php in phpMyAdmin prior to 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Vulnerable Product Search on Vulmon Subscribe to Product

phpmyadmin phpmyadmin 2.11.2

phpmyadmin phpmyadmin 2.11.2.2

phpmyadmin phpmyadmin 2.11.0

phpmyadmin phpmyadmin 2.1.2

phpmyadmin phpmyadmin 2.10.3

phpmyadmin phpmyadmin 2.10.01

phpmyadmin phpmyadmin 2.10.2

phpmyadmin phpmyadmin 2.10.1

phpmyadmin phpmyadmin 2.0.2

phpmyadmin phpmyadmin 2.0.3

phpmyadmin phpmyadmin 2.10.0.0

phpmyadmin phpmyadmin 2.10.2.0

phpmyadmin phpmyadmin 2.11.2.0

phpmyadmin phpmyadmin 2.11.1.2

phpmyadmin phpmyadmin 2.11.1rc1

phpmyadmin phpmyadmin 2.1.1

phpmyadmin phpmyadmin 2.10.3rc1

phpmyadmin phpmyadmin 2.10.1.0

phpmyadmin phpmyadmin 2.11.5rc1

phpmyadmin phpmyadmin 2.11.4rc1

phpmyadmin phpmyadmin 2.0.0

phpmyadmin phpmyadmin 2.0.1

phpmyadmin phpmyadmin 2.0

phpmyadmin phpmyadmin 2.10.3.0

phpmyadmin phpmyadmin 2.11.6

phpmyadmin phpmyadmin 2.11.1.1

phpmyadmin phpmyadmin 2.11.5.0

phpmyadmin phpmyadmin 2.11.4.0

phpmyadmin phpmyadmin 2.11.3.0

phpmyadmin phpmyadmin 2.11.3

phpmyadmin phpmyadmin 2.10.0.1

phpmyadmin phpmyadmin 2.11.5.2

phpmyadmin phpmyadmin 2.11.6rc1

phpmyadmin phpmyadmin 2.11.1

phpmyadmin phpmyadmin 2.11.5

phpmyadmin phpmyadmin 2.11.4

phpmyadmin phpmyadmin 2.0.4

phpmyadmin phpmyadmin 2.0.5

phpmyadmin phpmyadmin 2.11.8

phpmyadmin phpmyadmin

phpmyadmin phpmyadmin 2.11.1.0

phpmyadmin phpmyadmin 2.10.0

phpmyadmin phpmyadmin 2.11.3rc1

phpmyadmin phpmyadmin 2.10.0.2

phpmyadmin phpmyadmin 2.11.0beta1

phpmyadmin phpmyadmin 2.11.0rc1

phpmyadmin phpmyadmin 2.11.5.1

phpmyadmin phpmyadmin 2.11.2.1

phpmyadmin phpmyadmin 2.1

phpmyadmin phpmyadmin 2.1.0

phpmyadmin phpmyadmin 2.11.0.0

phpmyadmin phpmyadmin 2.11.7

Vendor Advisories

Debian Security Advisories: DSA-1641-1 phpmyadmin -- several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4096 Remote authenticated users could execute arbitrary code on the host running phpMyAdmin through manipulation of a script par ...

Exploits

Exploit DB: phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution
source: wwwsecurityfocuscom/bid/31188/info phpMyAdmin is prone to a vulnerability that attackers can leverage to execute arbitrary commands This issue occurs because the application fails to adequately sanitize user-supplied input Successful attacks can compromise the affected application and possibly the underlying computer This iss ...

References

CWE-20http://www.openwall.com/lists/oss-security/2008/09/16/2http://www.openwall.com/lists/oss-security/2008/09/15/2http://www.securityfocus.com/bid/31188http://fd.the-wildcat.de/pma_e36a091q11.phphttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.htmlhttp://secunia.com/advisories/31884http://www.debian.org/security/2008/dsa-1641https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.htmlhttp://secunia.com/advisories/32034https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=462430https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.htmlhttp://secunia.com/advisories/33822http://www.mandriva.com/security/advisories?name=MDVSA-2008:202http://security.gentoo.org/glsa/glsa-200903-32.xmlhttp://osvdb.org/48196http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/http://secunia.com/advisories/31918http://www.vupen.com/english/advisories/2008/2619http://www.vupen.com/english/advisories/2008/2585https://exchange.xforce.ibmcloud.com/vulnerabilities/45157https://nvd.nist.govhttps://www.debian.org/security/./dsa-1641https://www.exploit-db.com/exploits/32383/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028memory leaklog injectionCVE-2024-3400CVE-2022-48695CVE-2022-48675CVE-2024-34487CVE-2024-33792spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook