CVE-2009-1151

Published: Mar 26, 2009

Modified: Oct 22, 2025

PUBLISHED

Description

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

x_refsource_CONFIRM

GLSA-200906-03

vendor-advisory

x_refsource_GENTOO

34642

third-party-advisory

x_refsource_SECUNIA

http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/

x_refsource_MISC

20090609 CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

mailing-list

x_refsource_BUGTRAQ

DSA-1824

vendor-advisory

x_refsource_DEBIAN

SUSE-SR:2009:008

vendor-advisory

x_refsource_SUSE

MDVSA-2009:115

vendor-advisory

x_refsource_MANDRIVA

34236

vdb-entry

x_refsource_BID

34430

third-party-advisory

x_refsource_SECUNIA

35635

third-party-advisory

x_refsource_SECUNIA

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301

x_refsource_CONFIRM

8921

exploit

x_refsource_EXPLOIT-DB

35585

third-party-advisory

x_refsource_SECUNIA

http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-1151

Description

Affected Products

References