CVE-2008-4096

phpMyAdmin 3.2 - 'server_databases.php' Remote Command Execution

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

libraries/database_interface.lib.php en phpMyAdmin anterior a 2.11.9.1, permite a usuarios autenticados en remoto ejecutar código de su elección a través de una solicitud a server_databases.php con un parámetro sort_by que contenga secuencias PHP que son procesadas por create_function.

A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.7 release. This update provides version 2.11.9.2 which is the latest stable release of phpMyAdmin and fixes CVE-2008-3197, CVE-2008-3456, CVE-2008-3457, and CVE-2008-4096. No configuration changes should be required since the previous update (version 2.11.7). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient so simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-09-15 CVE Reserved
2008-09-17 CVE Published
2014-03-20 First Exploit
2024-08-07 CVE Updated
2025-05-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (25)

URL	Tag	Source
http://fd.the-wildcat.de/pma_e36a091q11.php	X_refsource_misc
http://osvdb.org/48196	Vdb Entry
http://secunia.com/advisories/31918	Third Party Advisory
http://secunia.com/advisories/32034	Third Party Advisory
http://secunia.com/advisories/33822	Third Party Advisory
http://typo3.org/teams/security/security-bulletins/typo3-20080916-1	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2008/09/16/2	Mailing List
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7	X_refsource_confirm
http://www.vupen.com/english/advisories/2008/2585	Vdb Entry
http://www.vupen.com/english/advisories/2008/2619	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=462430	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/45157	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/32383	2014-03-20
http://www.openwall.com/lists/oss-security/2008/09/15/2	2024-08-07
http://www.securityfocus.com/bid/31188	2024-08-07

URL	Date	SRC
http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html	2017-08-08

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html	2017-08-08
http://secunia.com/advisories/31884	2017-08-08
http://security.gentoo.org/glsa/glsa-200903-32.xml	2017-08-08
http://www.debian.org/security/2008/dsa-1641	2017-08-08
http://www.mandriva.com/security/advisories?name=MDVSA-2008:202	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.html	2017-08-08
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.html	2017-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				<= 2.11.9 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version " <= 2.11.9"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.3 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.3"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.4 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.4"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.0.5 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.0.5"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.1.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.1.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.1.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.1.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.1.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.1.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.0.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.0.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.0.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.0.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.0.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.01 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.01"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.1.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.1.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.2.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.2.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.3 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.3"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.3.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.3.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.10.3rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.10.3rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.0.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.0beta1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0beta1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.0rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.0rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.1.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.1.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.1.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.1rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.1rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.2.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.2.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.2.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.2.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.3 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.3"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.3.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.3.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.3rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.3rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.4 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.4"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.4.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.4.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.4rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.4rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.5 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.5.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.0"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.5.1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.5.2 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5.2"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.5rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.5rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.6 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.6"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.6rc1 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.6rc1"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.7 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.7"		-		Affected
Phpmyadmin Search vendor "Phpmyadmin"		Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin"				2.11.8 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.11.8"		-		Affected