FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Code execution vulnerability

Affected packages
phpMyAdmin < 2.11.9.1

Details

VuXML ID 74bf1594-8493-11dd-bb64-0030843d3802
Discovery 2008-09-15
Entry 2008-09-17
Modified 2010-05-12

A phpMyAdmin security announcement:

The server_databases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code (if the PHP configuration permits commands like exec).

References

CVE Name CVE-2008-4096
URL http://secunia.com/Advisories/31884/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7