Lucene search
RootSSV:11665HistoryJun 19, 2009 - 12:00 a.m.
phpMyAdmin setup.php脚本PHP代码注入漏洞
2009-06-1900:00:00
Root
www.seebug.org
145
0.793 High
EPSS
Percentile
98.0%
BUGTRAQ ID: 34236
CVE(CAN) ID: CVE-2009-1151
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin的Setup脚本用于生成配置。如果远程攻击者向该脚本提交了特制的POST请求的话,就可能在生成的config.inc.php 配置文件中包含任意PHP代码。由于配置文件被保存到了服务器上,未经认证的远程攻击者可以利用这个漏洞执行任意PHP代码。
phpMyAdmin phpMyAdmin 3.x
phpMyAdmin phpMyAdmin 2.11.x
厂商补丁:
phpMyAdmin
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301” target=“_blank”>http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301</a>
http://sebug.net/exploit/11571/
Related
canvas
canvas
Immunity Canvas: PHPMYADMIN_INJECTION
2009-03-26 14:30:00
nessus
nessus
phpMyAdmin setup.php save Action Arbitrary PHP Code Injection (PMASA-2009-3)
2009-04-16 00:00:00
FreeBSD : phpmyadmin -- insufficient output sanitizing when generating configuration file (06f9174f-190f-11de-b2f0-001c2514716c)
2009-03-25 00:00:00
GLSA-200906-03 : phpMyAdmin: Multiple vulnerabilities
2009-06-30 00:00:00
hackerone
hackerone
Mail.ru: PHP code injection at tz.mail.ru
2020-02-17 16:32:55
checkpoint_advisories
checkpoint_advisories
PHPMyAdmin Misconfiguration Remote Code Injection (CVE-2009-1151)
2014-02-23 00:00:00
prion
prion
Code injection
2009-03-26 14:30:00
openvas
openvas
FreeBSD Ports: phpMyAdmin211
2009-03-31 00:00:00
FreeBSD Ports: phpMyAdmin211
2009-03-31 00:00:00
phpMyAdmin Code Injection and XSS Vulnerability
2009-03-26 00:00:00
packetstorm
packetstorm
phpMyAdmin /scripts/setup.php Code Injection
2009-06-10 00:00:00
PhpMyAdmin Config File Code Injection
2009-12-31 00:00:00
symantec
symantec
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
2009-03-25 00:00:00
seebug
seebug
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
2009-06-11 00:00:00
PhpMyAdmin Config File Code Injection
2014-07-01 00:00:00
redhatcve
redhatcve
CVE-2009-1151
2019-10-04 21:32:59
attackerkb
attackerkb
CVE-2009-1151
2009-03-26 00:00:00
metasploit
metasploit
PhpMyAdmin Config File Code Injection
2009-11-16 08:42:32
phpmyadmin
phpmyadmin
Insufficient output sanitizing when generating configuration file.
2009-03-24 00:00:00
cve
cve
CVE-2009-1151
2009-03-26 14:30:00
cisa_kev
cisa_kev
phpMyAdmin Remote Code Execution Vulnerability
2022-03-25 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_PHPMYADMIN_RCE
2009-03-26 14:30:00
exploitpack
exploitpack
phpMyAdmin - scriptssetup.php PHP Code Injection
2009-06-09 00:00:00
dsquare
dsquare
Phpmyadmin File Upload
2012-04-13 00:00:00
myhack58
myhack58
ubuntucve
ubuntucve
CVE-2009-1151
2009-03-26 00:00:00
freebsd
freebsd
debiancve
debiancve
CVE-2009-1151
2009-03-26 14:30:00
nuclei
nuclei
PhpMyAdmin Scripts - Remote Code Execution
2021-04-14 12:04:59
exploitdb
exploitdb
phpMyAdmin - Config File Code Injection (Metasploit)
2010-07-03 00:00:00
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
2009-06-09 00:00:00
osv
osv
phpmyadmin - several vulnerabilities
2009-06-25 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 1824-1] New phpmyadmin packages fix several vulnerabilities
2009-06-25 20:55:52
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2009-06-29 00:00:00
threatpost
threatpost
State-Sponsored DNS Hijacking Infiltrates 40 Firms Globally
2019-04-17 17:32:06
talosblog
talosblog
DNS Hijacking Abuses Trust In Core Internet Service
2019-04-18 16:08:25