CVE-2009-1151
KEV
🔴 Patch now
Code injection in phpMyAdmin allows remote injection of arbitrary PHP code.
CVSS
9.8
EPSS
93.0%
Exploit
weaponized
Vendor
debian
Source description (NVD)
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 93.0% |
| Published (NVD) | 2009-03-26 14:30:00 UTC |
| Last modified (NVD) | 2026-04-22 14:13:07 UTC |
References
- http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ (cve@mitre.org) [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html (cve@mitre.org) [Product]
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301 (cve@mitre.org) [Vendor Advisory]
- http://secunia.com/advisories/34430 (cve@mitre.org) [Broken Link, Vendor Advisory]
- http://secunia.com/advisories/34642 (cve@mitre.org) [Broken Link, Vendor Advisory]
- http://secunia.com/advisories/35585 (cve@mitre.org) [Broken Link, Vendor Advisory]
- http://secunia.com/advisories/35635 (cve@mitre.org) [Broken Link, Vendor Advisory]
- http://security.gentoo.org/glsa/glsa-200906-03.xml (cve@mitre.org) [Third Party Advisory]
- http://www.debian.org/security/2009/dsa-1824 (cve@mitre.org) [Mailing List]
- http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ (cve@mitre.org) [Exploit, Issue Tracking]
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:115 (cve@mitre.org) [Broken Link]
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php (cve@mitre.org) [Patch, Vendor Advisory]
- http://www.securityfocus.com/archive/1/504191/100/0/threaded (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/34236 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/8921 (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2009-1151 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]