QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-4096

Back to search

CVE-2008-4096

Published: Sep 17, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

VendorProductVersions

n/a

n/a

affected
n/a

References

MDVSA-2008:202
vendor-advisory
x_refsource_MANDRIVA
31884
third-party-advisory
x_refsource_SECUNIA
31918
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2009:003
vendor-advisory
x_refsource_SUSE
FEDORA-2008-8370
vendor-advisory
x_refsource_FEDORA
ADV-2008-2585
vdb-entry
x_refsource_VUPEN
FEDORA-2008-8269
vendor-advisory
x_refsource_FEDORA
48196
vdb-entry
x_refsource_OSVDB
GLSA-200903-32
vendor-advisory
x_refsource_GENTOO
FEDORA-2008-8335
vendor-advisory
x_refsource_FEDORA
FEDORA-2008-8286
vendor-advisory
x_refsource_FEDORA
DSA-1641
vendor-advisory
x_refsource_DEBIAN
33822
third-party-advisory
x_refsource_SECUNIA
31188
vdb-entry
x_refsource_BID
32034
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2619
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now