CVSS2: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.793 High (Percentile: 98.0%)
1. Vulnerability description
Insufficient output sanitizing when generating configuration file
phpMyAdmin is a web-based MySQL management tool written in PHP.
The phpMyAdmin Setup script is used to generate the configuration. If a remote attacker submits a specially crafted POST request to this script, the generated config.inc.php configuration file may contain arbitrary PHP code. Since the configuration file is saved to the server, an unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP code.
Relevant links:
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
http://cwe.mitre.org/data/definitions/661.html
http://sebug.net/vuldb/ssvid-11665
http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
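The weakness class described above, as an added example (not phpMyAdmin's code and not part of the original page; the function names and the sample setting are hypothetical). It contrasts a config writer that concatenates input into PHP source with one that validates keys and serializes values with var_export(), and uses token_get_all() to check that a generated file contains nothing but $cfg assignments.

```php
<?php
// Added illustration: function names and the sample setting are hypothetical,
// not phpMyAdmin's actual setup code.

// Weak pattern: keys and values are pasted into PHP source by concatenation,
// so a quote in either one ends the string literal and the rest parses as code.
function render_config_unsafe(array $settings): string {
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        $out .= "\$cfg['" . $key . "'] = '" . $value . "';\n";
    }
    return $out;
}

// Hardened pattern: keys must match a strict pattern, values must be strings,
// and both are serialized with var_export(), which escapes quotes and backslashes.
function render_config_safe(array $settings): string {
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        if (!is_string($key) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $key) || !is_string($value)) {
            throw new InvalidArgumentException('rejected config entry');
        }
        $out .= "\$cfg[" . var_export($key, true) . "] = " . var_export($value, true) . ";\n";
    }
    return $out;
}

// Defensive check: tokenize generated source and report every token outside the
// expected set (the $cfg variable, literals, brackets, '=' and ';').
function unexpected_tokens(string $source): array {
    $allowed = [T_OPEN_TAG, T_WHITESPACE, T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, T_LNUMBER];
    $bad = [];
    foreach (token_get_all($source) as $tok) {
        if (is_array($tok)) {
            if (!in_array($tok[0], $allowed, true) || ($tok[0] === T_VARIABLE && $tok[1] !== '$cfg')) {
                $bad[] = token_name($tok[0]) . ': ' . trim($tok[1]);
            }
        } elseif (!in_array($tok, ['[', ']', '=', ';'], true)) {
            $bad[] = $tok;
        }
    }
    return $bad;
}

// Constructed sample input: the value tries to close the string literal.
$sample = ['blowfish_secret' => "x'; echo 'INJECTED'; //"];
print_r(unexpected_tokens(render_config_unsafe($sample))); // tokens found in the weak output
print_r(unexpected_tokens(render_config_safe($sample)));   // tokens found in the hardened output
```

The same token check can be run over an existing config.inc.php during incident response to see whether it holds anything other than plain assignments.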
2. Vulnerability trigger condition
To use this vulnerability to attack a server, an attacker needs several necessary conditions to be met