Hillstone Networks

RULE（RULE ID：332552）

Rule General Information


Release Date:		2021-03-01

Rule Name:		PhpMyAdmin Config File Code Injection Vulnerability (CVE-2009-1151)

Severity:

CVE ID:

Rule Protection Details


Description:		Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:		SecurityFocusBID:34236 http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301

Solutions

The vendor has released upgrade patches to fix vulnerabilities, please visit:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision;=12301