Launchpad CVE tracker

CVE 2008-4096

libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

Related bugs and status

CVE-2008-4096 (Candidate) is related to these bugs:

Bug #306699: please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Summary				In	Importance	Status
	306699	please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable		phpmyadmin (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008091...
MLIST: [oss-security] 2008091...
MLIST: [phpmyadmin-news] 2008...
MISC: http://fd.the-wildcat....
CONFIRM: http://www.phpmyadmin....
BID: 31188
SECUNIA: 31884
DEBIAN: DSA-1641
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2008-8269
FEDORA: FEDORA-2008-8286
FEDORA: FEDORA-2008-8335
FEDORA: FEDORA-2008-8370
SECUNIA: 32034
SUSE: SUSE-SR:2009:003
SECUNIA: 33822
MANDRIVA: MDVSA-2008:202
GENTOO: GLSA-200903-32
CONFIRM: http://typo3.org/teams...
OSVDB: 48196
SECUNIA: 31918
VUPEN: ADV-2008-2619
VUPEN: ADV-2008-2585
XF: phpmyadmin-serverdatab...

Launchpad.net

CVE 2008-4096

Related bugs and status

Related bugs

References