Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1824-1
HistoryJun 25, 2009 - 12:00 a.m.

phpmyadmin - several vulnerabilities

2009-06-2500:00:00
Google
osv.dev
15

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.807 High

EPSS

Percentile

97.8%

JSON

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2009-1150
    Cross site scripting vulnerability in the export page allow for an
    attacker that can place crafted cookies with the user to inject
    arbitrary web script or HTML.
  • CVE-2009-1151
    Static code injection allows for a remote attacker to inject arbitrary
    code into phpMyAdmin via the setup.php script. This script is in Debian
    under normal circumstances protected via Apache authentication.
    However, because of a recent worm based on this exploit, we are patching
    it regardless, to also protect installations that somehow still expose
    the setup.php script.

For the old stable distribution (etch), these problems have been fixed in
version 2.9.1.1-11.

For the stable distribution (lenny), these problems have been fixed in
version 2.11.8.1-5+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.1.3.1-1.

We recommend that you upgrade your phpmyadmin package.

CPENameOperatorVersion
phpmyadmineq4:2.11.8.1-5

Related

openvas 19
debian 1
securityvulns 2
nessus 6
gentoo 1
redhatcve 2
debiancve 2
canvas 1
hackerone 1
prion 2
checkpoint_advisories 1
packetstorm 2
seebug 3
symantec 1
attackerkb 1
metasploit 1
cve 2
phpmyadmin 2
ubuntucve 2
cisa_kev 1
d2 1
myhack58 1
exploitpack 1
dsquare 1
freebsd 1
nuclei 1
exploitdb 2
threatpost 1
talosblog 1
openvas
openvas
Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)
2009-05-25 00:00:00
Gentoo Security Advisory GLSA 200906-03 (phpmyadmin)
2009-07-06 00:00:00
Debian Security Advisory DSA 1824-1 (phpmyadmin)
2009-06-30 00:00:00
debian
debian
[SECURITY] [DSA 1824-1] New phpmyadmin packages fix several vulnerabilities
2009-06-25 20:55:52
securityvulns
securityvulns
[SECURITY] [DSA 1824-1] New phpmyadmin packages fix several vulnerabilities
2009-06-26 00:00:00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-06-26 00:00:00
nessus
nessus
GLSA-200906-03 : phpMyAdmin: Multiple vulnerabilities
2009-06-30 00:00:00
Debian DSA-1824-1 : phpmyadmin - several vulnerabilities
2009-06-30 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-711)
2009-07-21 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2009-06-29 00:00:00
redhatcve
redhatcve
CVE-2009-1150
2019-10-04 21:33:00
CVE-2009-1151
2019-10-04 21:32:59
debiancve
debiancve
CVE-2009-1150
2009-03-26 14:30:00
CVE-2009-1151
2009-03-26 14:30:00
canvas
canvas
Immunity Canvas: PHPMYADMIN_INJECTION
2009-03-26 14:30:00
hackerone
hackerone
Mail.ru: PHP code injection at tz.mail.ru
2020-02-17 16:32:55
prion
prion
Cross site scripting
2009-03-26 14:30:00
Code injection
2009-03-26 14:30:00
checkpoint_advisories
checkpoint_advisories
PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)
2014-02-23 00:00:00
packetstorm
packetstorm
phpMyAdmin /scripts/setup.php Code Injection
2009-06-10 00:00:00
PhpMyAdmin Config File Code Injection
2009-12-31 00:00:00
seebug
seebug
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
2009-06-11 00:00:00
phpMyAdmin setup.php่„šๆœฌPHPไปฃ็ ๆณจๅ…ฅๆผๆดž
2009-06-19 00:00:00
PhpMyAdmin Config File Code Injection
2014-07-01 00:00:00
symantec
symantec
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
2009-03-25 00:00:00
attackerkb
attackerkb
CVE-2009-1151
2009-03-26 00:00:00
metasploit
metasploit
PhpMyAdmin Config File Code Injection
2009-11-16 08:42:32
cve
cve
CVE-2009-1151
2009-03-26 14:30:00
CVE-2009-1150
2009-03-26 14:30:00
phpmyadmin
phpmyadmin
Insufficient output sanitizing when generating configuration file.
2009-03-24 00:00:00
Cross-site scripting on export page using cookies.
2009-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2009-1150
2009-03-26 00:00:00
CVE-2009-1151
2009-03-26 00:00:00
cisa_kev
cisa_kev
phpMyAdmin Remote Code Execution Vulnerability
2022-03-25 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_PHPMYADMIN_RCE
2009-03-26 14:30:00
myhack58
myhack58
CVE-2 0 0 9-1 1 5 1 phpMyadmin Remote Code Injection && Execution-vulnerability warning-the black bar safety net
2014-10-23 00:00:00
exploitpack
exploitpack
phpMyAdmin - scriptssetup.php PHP Code Injection
2009-06-09 00:00:00
dsquare
dsquare
Phpmyadmin File Upload
2012-04-13 00:00:00
freebsd
freebsd
phpmyadmin -- insufficient output sanitizing when generating configuration file
2009-03-24 00:00:00
nuclei
nuclei
PhpMyAdmin Scripts - Remote Code Execution
2021-04-14 12:04:59
exploitdb
exploitdb
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
2009-06-09 00:00:00
phpMyAdmin - Config File Code Injection (Metasploit)
2010-07-03 00:00:00
threatpost
threatpost
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
2019-04-17 17:32:06
talosblog
talosblog
DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 16:08:25

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.807 High

EPSS

Percentile

97.8%

JSON
Related for OSV:DSA-1824-1
openvas19debian1securityvulns2nessus6gentoo1redhatcve2debiancve2canvas1hackerone1prion2checkpoint_advisories1packetstorm2seebug3symantec1attackerkb1metasploit1cve2phpmyadmin2ubuntucve2cisa_kev1d21myhack581exploitpack1dsquare1freebsd1nuclei1exploitdb2threatpost1talosblog1