FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- insufficient output sanitizing when generating configuration file

Affected packages
phpMyAdmin211 < 2.11.9.5
phpMyAdmin < 3.1.3.1

Details

VuXML ID 06f9174f-190f-11de-b2f0-001c2514716c
Discovery 2009-03-24
Entry 2009-03-25
Modified 2010-05-02

phpMyAdmin reports:

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.

References

CVE Name CVE-2009-1151
URL http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php