CVE-2009-1151 Scanner
Detects 'Code Injection' vulnerability in phpMyAdmin affects v. 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1.
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2009-1151 Scanner Detail
PhpMyAdmin is a popular software tool used for managing MySQL databases through a web interface. It provides users with a wide range of functionalities, including the creation and management of databases, tables, and queries. PhpMyAdmin is widely used by website owners and developers around the world for its user-friendly interface, versatility and ease of use.
CVE-2009-1151 is a static code injection vulnerability that was found in phpMyAdmin. It affects versions 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1. This vulnerability allows remote attackers to inject arbitrary PHP code into configuration files through the save action function. This means that an attacker can execute malicious code and take control of the entire system, giving them free reign over sensitive information.
When exploited, the CVE-2009-1151 vulnerability can lead to disastrous consequences. Attackers can inject malicious code and execute it, which could lead to data theft, data modification, and even system crashes or damage. Furthermore, the attacker may gain unauthorized access to sensitive information such as passwords, usernames, and other confidential data stored in the database.
Thanks to the professional features of the SecurityForeveryone.com platform, those who read this article can easily and quickly learn about vulnerabilities in their digital assets. The platform offers real-time scanning, advanced security features, and detailed reports on any potential threats and vulnerabilities. By following their suggestions and applying their recommendations, users can ensure that their systems are protected and secured from attacks.
REFERENCES
- http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
- http://security.gentoo.org/glsa/glsa-200906-03.xml
- http://www.debian.org/security/2009/dsa-1824
- http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:115
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
- http://www.securityfocus.com/archive/1/504191/100/0/threaded
- http://www.securityfocus.com/bid/34236
- https://www.exploit-db.com/exploits/8921
control security posture