CVE-2012-5159

2012-09-2522:55:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.911

Percentile

98.9%

JSON

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:5.2.1+dfsg-1phpmyadmin_4:5.2.1+dfsg-1_all.deb
Debian11allphpmyadmin< 4:5.0.4+dfsg2-2+deb11u1phpmyadmin_4:5.0.4+dfsg2-2+deb11u1_all.deb
Debian999allphpmyadmin< 4:5.2.1+dfsg-3phpmyadmin_4:5.2.1+dfsg-3_all.deb
Debian13allphpmyadmin< 4:5.2.1+dfsg-3phpmyadmin_4:5.2.1+dfsg-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:5.2.1+dfsg-1	phpmyadmin_4:5.2.1+dfsg-1_all.deb
Debian	11	all	phpmyadmin	< 4:5.0.4+dfsg2-2+deb11u1	phpmyadmin_4:5.0.4+dfsg2-2+deb11u1_all.deb
Debian	999	all	phpmyadmin	< 4:5.2.1+dfsg-3	phpmyadmin_4:5.2.1+dfsg-3_all.deb
Debian	13	all	phpmyadmin	< 4:5.2.1+dfsg-3	phpmyadmin_4:5.2.1+dfsg-3_all.deb