Wednesday, June 10, 2009

PhpAdmin PHP Code Injection RCE PoC

An attacker can exploit this vulnerability to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.




Reference:
1. http://www.securityfocus.com/bid/34236/discuss
2. http://www.milw0rm.com/exploits/8921
3. http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
4. http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
5. http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
at 6:47 AM
Labels: , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)