Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1A0E4CC6-29BF-11DE-BDEB-0030843D3802
HistoryApr 14, 2009 - 12:00 a.m.

phpmyadmin -- insufficient output sanitizing when generating configuration file

2009-04-1400:00:00
vuxml.freebsd.org
18

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.029

Percentile

90.9%

JSON

phpMyAdmin Team reports:

Setup script used to generate configuration can be fooled using a
crafted POST request to include arbitrary PHP code in generated
configuration file. Combined with ability to save files on server,
this can allow unauthenticated users to execute arbitrary PHP code.
This issue is on different parameters than PMASA-2009-3 and it was
missed out of our radar because it was not existing in 2.11.x
branch.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchphpmyadmin<ย 3.1.3.2UNKNOWN

Related

seebug 2
openvas 7
nessus 4
cve 1
nvd 1
cvelist 1
ubuntucve 1
phpmyadmin 1
debiancve 1
prion 1
redhatcve 1
seebug
seebug
phpMyAdmin้…็ฝฎๆ–‡ไปถPHPไปฃ็ ๆณจๅ…ฅๆผๆดž
2009-04-16 00:00:00
CVE-2009-1285: phpMyAdmin Code Injection
2009-04-25 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-3700 (phpMyAdmin)
2009-04-20 00:00:00
FreeBSD Ports: phpMyAdmin
2009-04-20 00:00:00
FreeBSD Ports: phpMyAdmin
2009-04-20 00:00:00
nessus
nessus
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
2009-04-16 00:00:00
Fedora 10 : phpMyAdmin-3.1.3.2-1.fc10 (2009-3700)
2009-04-23 00:00:00
FreeBSD : phpmyadmin -- insufficient output sanitizing when generating configuration file (1a0e4cc6-29bf-11de-bdeb-0030843d3802)
2009-04-16 00:00:00
cve
cve
CVE-2009-1285
2009-04-16 15:12:57
nvd
nvd
CVE-2009-1285
2009-04-16 15:12:57
cvelist
cvelist
CVE-2009-1285
2009-04-16 15:00:00
ubuntucve
ubuntucve
CVE-2009-1285
2009-04-16 00:00:00
phpmyadmin
phpmyadmin
Insufficient output sanitizing when generating configuration file.
2009-04-14 00:00:00
debiancve
debiancve
CVE-2009-1285
2009-04-16 15:12:57
prion
prion
Code injection
2009-04-16 15:12:00
redhatcve
redhatcve
CVE-2009-1285
2019-10-04 21:36:54

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.029

Percentile

90.9%

JSON
Related for 1A0E4CC6-29BF-11DE-BDEB-0030843D3802
seebug2openvas7nessus4cve1nvd1cvelist1ubuntucve1phpmyadmin1debiancve1prion1redhatcve1