phpMyAdmin setup.php save Action Arbitrary PHP Code Injection (PMASA-2009-3)

high Nessus Plugin ID 36170

Synopsis

The remote web server contains a PHP application that may allow execution of arbitrary code.

Description

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to several variables before using them to generate a config file for the application. Using specially crafted POST requests, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary PHP code.

Note that the application is also reportedly affected by several other issues, although Nessus has not actually checked for them.

Solution

Upgrade to phpMyAdmin 2.11.9.5 / 3.1.3.1 or apply the patch referenced in the project's advisory.

See Also

http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php

Plugin Details

Severity: High

ID: 36170

File Name: phpmyadmin_pmasa_2009_3.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 4/16/2009

Updated: 12/5/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2009-1151

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/phpMyAdmin, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

CISA Known Exploited Vulnerability Due Dates: 4/15/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (PhpMyAdmin Config File Code Injection)

Elliot (Phpmyadmin File Upload)

Reference Information

CVE: CVE-2009-1151

BID: 34236

CWE: 94

SECUNIA: 34430