CVE-2009-1285
published 2009-04-16
CVE-2009-1285: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to…
Priority P3 · 53 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.91% (95.3th percentile)
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:3.1.3.2-1 (bookworm) | phpmyadmin 4:3.1.3.2-1 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.1.3.2-1 | 4:3.1.3.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.1.3.2-1 | 4:3.1.3.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.1.3.2-1 | 4:3.1.3.2-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.1.3.2-1 | 4:3.1.3.2-1 |
CVSS provenance
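| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |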
GHSA
GHSA-395f-pvp5-hvp6: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile
ghsa_unreviewed·2022-05-02
CVE-2009-1285 [HIGH] CWE-94 GHSA-395f-pvp5-hvp6: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile
OSV
CVE-2009-1285: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile
osv·2009-04-16·CVSS 7.5
CVE-2009-1285 [HIGH] CVE-2009-1285: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile
Debian
CVE-2009-1285: phpmyadmin - Static code injection vulnerability in the getConfigFile function in setup/lib/C...
vendor_debian·2009·CVSS 7.5
CVE-2009-1285 [HIGH] CVE-2009-1285: phpmyadmin - Static code injection vulnerability in the getConfigFile function in setup/lib/C...
Scope: local
bookworm: resolved (fixed in 4:3.1.3.2-1)
bullseye: resolved (fixed in 4:3.1.3.2-1)
forky: resolved (fixed in 4:3.1.3.2-1)
sid: resolved (fixed in 4:3.1.3.2-1)
trixie: resolved (fixed in 4:3.1.3.2-1)
Red Hat
phpMyAdmin: Insufficient output sanitizing when generating configuration file fixed in 3.1.3.2 (PMASA-2009-4)
vendor_redhat·CVSS 7.5
CVE-2009-1285 [HIGH] phpMyAdmin: Insufficient output sanitizing when generating configuration file fixed in 3.1.3.2 (PMASA-2009-4)
No detection rules found.
No public exploits indexed.
References
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/setup/lib/ConfigFile.class.php?r1=12248&r2=12301&pathrev=12342
http://secunia.com/advisories/34727
http://secunia.com/advisories/34741
http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
http://www.securityfocus.com/bid/34526
http://www.vupen.com/english/advisories/2009/1045
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00452.html