Launchpad CVE tracker

CVE 2009-1151

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Related bugs and status

CVE-2009-1151 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

Bug #387215: phpMyAdmin: CVE-2009-1151: Arbitrary code execution

		In	Importance	Status
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu)	Undecided	Fix Released
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu Dapper)	High	Fix Released
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu Hardy)	High	Fix Released
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu Karmic)	Undecided	Fix Released
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu Jaunty)	High	Fix Released
387215	phpMyAdmin: CVE-2009-1151: Arbitrary code execution	phpmyadmin (Ubuntu Intrepid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
SECUNIA: 34430
SUSE: SUSE-SR:2009:008
SECUNIA: 34642
MANDRIVA: MDVSA-2009:115
MISC: http://labs.neohapsis....
MISC: http://www.gnucitizen....
BID: 34236
DEBIAN: DSA-1824
SECUNIA: 35585
GENTOO: GLSA-200906-03
SECUNIA: 35635
CONFIRM: http://phpmyadmin.svn....
EXPLOIT-DB: 8921
BUGTRAQ: 20090609 CVE-2009-1151...

Launchpad.net

CVE 2009-1151

Related bugs and status

Related bugs

References