Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-5159 — Code Injection in Phpmyadmin
Severity
7.5HIGHNVD
EPSS
87.9%
top 0.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedSep 25
Latest updateMay 17
Description
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages2 packages
🔴Vulnerability Details
1💥Exploits & PoCs
2📋Vendor Advisories
1Debian▶
CVE-2012-5159: phpmyadmin - phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspe...↗2012
💬Community
1Bugzilla▶
CVE-2012-5159 phpmyadmin: cdnetworks-kr-1 used to distribute modified archive of phpMyAdmin, containing a backdoor (PMASA-2012-5)↗2012-09-25