Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4096 — Improper Input Validation in Phpmyadmin

CWE-20 — Improper Input Validation14 documents6 sources

Severity

8.5HIGHNVD

EPSS

16.9%

top 5.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedSep 18

Latest updateMay 2

Description

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.8.1-2 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.8.1-2+3

▶NVDphpmyadmin/phpmyadmin2.11.9+51

Patches

Patch: www.nabble.com ↗Patch: www.nabble.com ↗

🔴Vulnerability Details

GHSA

GHSA-j99q-43xw-28f9: libraries/database_interface↗2022-05-02

▶

OSV

CVE-2008-4096: libraries/database_interface↗2008-09-18

▶

💥Exploits & PoCs

Exploit-DB

Synchronet BBS 3.16c - Denial of Service↗2017-02-28

▶

Exploit-DB

Linux Kernel < 2.6.22 - 'ftruncate()'/'open()' Local Privilege Escalation↗2008-10-27

▶

Exploit-DB

CYASK 3.x - 'neturl' Local File Disclosure↗2008-09-18

▶

Exploit-DB

phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution↗2008-09-15

▶

Exploit-DB

Joomla! Component Datsogallery 1.6 - Blind SQL Injection↗2008-05-10

▶

📋Vendor Advisories

Debian

CVE-2008-4096: phpmyadmin - libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote...↗2008

▶

Red Hat

phpMyAdmin: Code execution vulnerability (< 2.11.9.1)↗

▶