FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-4096

This CVE name corresponds to:

Entered Topic
2008-09-17 phpmyadmin -- Code execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-4096
Phase Assigned (20080915)

Description

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

References

Source Reference
MLIST [oss-security] 20080915 Re: phpMyAdmin code execution (CVE request)
MLIST [oss-security] 20080915 phpMyAdmin code execution (CVE request)
MLIST [phpmyadmin-news] 20080915 phpMyAdmin 2.11.9.1 is released
MISC http://fd.the-wildcat.de/pma_e36a091q11.php
CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=462430
CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/
DEBIAN DSA-1641
FEDORA FEDORA-2008-8269
FEDORA FEDORA-2008-8286
FEDORA FEDORA-2008-8335
FEDORA FEDORA-2008-8370
GENTOO GLSA-200903-32
MANDRIVA MDVSA-2008:202
SUSE SUSE-SR:2009:003
BID 31188
OSVDB 48196
SECUNIA 31918
VUPEN ADV-2008-2585
SECUNIA 31884
SECUNIA 32034
SECUNIA 33822
VUPEN ADV-2008-2619
XF phpmyadmin-serverdatabases-code-execution(45157)