scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2008-7251     phpMyAdmin may create a temporary directory, if the     configured directory does not exist yet, with insecure     filesystem permissions.

  - CVE-2008-7252     phpMyAdmin uses predictable filenames for temporary     files, which may lead to a local denial of service     attack or privilege escalation.

  - CVE-2009-4605     The setup.php script shipped with phpMyAdmin may     unserialize untrusted data, allowing for cross site     request forgery.

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application.  Submitting a specially crafted POST request can result in arbitrary PHP code injection.

A remote attacker could exploit this issue in a cross-site request forgery attack, which could be used to execute arbitrary commands on the system with the privileges of the web server.

The remote web server is running a version of phpMyAdmin earlier than 2.11.10.  Such versions are potentially affected by multiple vulnerabilities : 

  - A cross-site request forgery attack because the application uses the 'unserialize()' PHP function on potentially unsafe data in the setup script.(CVE-2009-4605)

  - An insecure file creation and deletion vulnerability due to the way phpMyAdmin creates temporary files.

The use of unserialize() on POST data which could have lead to remote code execution (CVE-2009-4605) has been fixed as well as some minor temporary file issues (CVE-2008-7251, CVE-2008-7252).

ID	Name	Product	Family	Severity
45556	Debian DSA-2034-1 : phpmyadmin - several vulnerabilities	Nessus	Debian Local Security Checks	critical
44324	phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)	Nessus	CGI abuses	high
5304	phpMyAdmin < 2.11.10 Multiple Vulnerabilities	Nessus Network Monitor	CGI	high
44044	openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)	Nessus	SuSE Local Security Checks	critical

Detections

Analytics

CVE-2009-4605

high

Tenable Plugins

critical

high

high

critical