⚠ Actively exploited

Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2009-1151 — Code Injection in Phpmyadmin

CWE-94 — Code Injection17 documents13 sources

Severity

9.8CRITICALNVD

EPSS

93.0%

top 0.22%

CISA KEV

KEV

Added 2022-03-25

Due 2022-04-15

Exploit

Exploited in wild

Active exploitation observed

Affected products

Phpmyadmin Debian Phpmyadmin Debian Linux

Timeline

PublishedMar 26

KEV addedMar 25

KEV dueApr 15

Latest updateMay 2

CISA Required Action: Apply updates per vendor instructions.

Description

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.1.3.1-1 (bookworm)

▶NVDphpmyadmin/phpmyadmin2.11.0 — 2.11.9.5+1

▶Debianphpmyadmin/phpmyadmin< 4:3.1.3.1-1+3

Also affects: Debian Linux 4.0, 5.0

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

GHSA-fw5c-3235-cprv: Static code injection vulnerability in setup↗2022-05-02

▶

OSV

CVE-2009-1151: Static code injection vulnerability in setup↗2009-03-26

▶

VulnCheck

phpMyAdmin Remote Code Execution Vulnerability↗2009

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin - Config File Code Injection (Metasploit)↗2010-07-03

▶

Exploit-DB

phpMyAdmin - 'pmaPWN!' Code Injection / Remote Code Execution↗2009-06-22

▶

Exploit-DB

phpMyAdmin - '/scripts/setup.php' PHP Code Injection↗2009-06-09

▶

Nuclei

PhpMyAdmin Scripts - Remote Code Execution

▶

Metasploit

PhpMyAdmin Config File Code Injection↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (p=)↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (c=)↗2010-07-30

▶

📋Vendor Advisories

CISA

phpMyAdmin Remote Code Execution Vulnerability↗2022-03-25

▶

Debian

CVE-2009-1151: phpmyadmin - Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.1...↗2009

▶

Red Hat

phpMyAdmin: multiple security fixes in 3.1.3.1 (PMASA-2009-{1,2,3})↗

▶

🕵️Threat Intelligence

Tenable

Sea Turtle DNS Hijacking Campaign Utilizes At Least Seven Patched Vulnerabilities↗2019-04-19

▶

Talos

DNS Hijacking Abuses Trust In Core Internet Service↗2019-04-17

▶

Talos

DNS Hijacking Abuses Trust In Core Internet Service↗2019-04-17

▶