phpMyAdmin "sort_by" Parameter PHP Code Injection Vulnerability


Description   A vulnerability has been identified in phpMyAdmin, which could be exploited by malicious users to execute arbitrary code. This issue is caused by an input validation error in the "server_databases.php" script that does not validate the "sort_by" parameter, which could be exploited by authenticated attackers to inject and execute arbitrary PHP code with the privileges of the web server.
     
Vulnerable Products   Vulnerable Software:
phpMyAdmin versions prior to 2.11.9.1
     
Solution   Upgrade to phpMyAdmin version 2.11.9.1 : http://www.phpmyadmin.net/home_page/downloads.php
     
CVE   CVE-2008-4096
     
References   http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
http://fd.the-wildcat.de/pma_e36a091q11.php
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OR statement in data
3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2008-09-16 

 Target Type 
Server 

 Possible exploit 
Local & Remote