Executive Summary

Information | | |
---|---|---|---
Name | CVE-2009-1151 | First vendor publication | 2009-03-26
Vendor | CVE | Last vendor modification | 2025-03-14
Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | | |
---|---|---|---
Overall CVSS Score | 9.8 | |
Base Score | 9.8 | Environmental Score | 9.8
Impact Sub Score | 5.9 | Temporal Score | 9.8
Exploitability Sub Score | 3.9 | |
Attack Vector | Network | Attack Complexity | Low
Privileges Required | None | User Interaction | None
Scope | Unchanged | Confidentiality Impact | High
Integrity Impact | High | Availability Impact | High
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | |
---|---|---|---
CVSS Base Score | 7.5 | Attack Range | Network
CVSS Impact Score | 6.4 | Attack Complexity | Low
CVSS Exploit Score | 10 | Authentication | None Required
Detail

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1151
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13714 | | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:13714 | |
Title | DSA-1824-1 phpmyadmin -- several | |
Description | Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1150: Cross site scripting vulnerability in the export page allows an attacker that can place crafted cookies with the user to inject arbitrary web script or HTML. CVE-2009-1151: Static code injection allows a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. This script is in Debian under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script. For the old stable distribution, these problems have been fixed in version 4:2.9.1.1-11. For the stable distribution, these problems have been fixed in version 4:2.11.8.1-5+lenny1. For the unstable distribution, these problems have been fixed in version 3.1.3.1-1. We recommend that you upgrade your phpmyadmin package. | |
Family | unix | Class | patch
Reference(s) | DSA-1824-1, CVE-2009-1150, CVE-2009-1151 | Version | 7
Platform(s) | Debian GNU/Linux 5.0, Debian GNU/Linux 4.0 | Product(s) | phpmyadmin
Definition Synopsis | | |
Definition Id: oval:org.mitre.oval:def:7579 | | |
---|---|---|---
Oval ID | oval:org.mitre.oval:def:7579 | |
Title | DSA-1824 phpmyadmin -- several vulnerabilities | |
Description | Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting vulnerability in the export page allows an attacker that can place crafted cookies with the user to inject arbitrary web script or HTML. Static code injection allows a remote attacker to inject arbitrary code into phpMyAdmin via the setup.php script. This script is in Debian under normal circumstances protected via Apache authentication. However, because of a recent worm based on this exploit, we are patching it regardless, to also protect installations that somehow still expose the setup.php script. | |
Family | unix | Class | patch
Reference(s) | DSA-1824, CVE-2009-1150, CVE-2009-1151 | Version | 5
Platform(s) | Debian GNU/Linux 5.0, Debian GNU/Linux 4.0 | Product(s) | phpmyadmin
Definition Synopsis | | |
CPE : Common Platform Enumeration
ExploitDB Exploits
Date | Description
---|---
2010-07-03 | PhpMyAdmin Config File Code Injection
2009-06-09 | phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
OpenVAS Exploits
Date | Name | File
---|---|---
2009-07-06 | Gentoo Security Advisory GLSA 200906-03 (phpmyadmin) | nvt/glsa_200906_03.nasl
2009-06-30 | Debian Security Advisory DSA 1824-1 (phpmyadmin) | nvt/deb_1824_1.nasl
2009-06-30 | Ubuntu USN-792-1 (openssl) | nvt/ubuntu_792_1.nasl
2009-06-15 | Ubuntu USN-785-1 (ipsec-tools) | nvt/ubuntu_785_1.nasl
2009-06-05 | Ubuntu USN-776-2 (kvm) | nvt/ubuntu_776_2.nasl
2009-05-25 | Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin) | nvt/mdksa_2009_115.nasl
2009-04-20 | phpMyAdmin Multiple Vulnerabilities | nvt/gb_phpmyadmin_mult_vuln_apr09.nasl
2009-04-06 | SuSE Security Summary SUSE-SR:2009:008 | nvt/suse_sr_2009_008.nasl
2009-03-31 | Fedora Core 9 FEDORA-2009-2984 (phpMyAdmin) | nvt/fcore_2009_2984.nasl
2009-03-31 | Fedora Core 10 FEDORA-2009-3006 (phpMyAdmin) | nvt/fcore_2009_3006.nasl
2009-03-31 | FreeBSD Ports: phpMyAdmin211 | nvt/freebsd_phpMyAdmin2110.nasl
2009-03-26 | phpMyAdmin Code Injection and XSS Vulnerability | nvt/phpmyadmin_34236.nasl
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53076 | phpMyAdmin setup.php save Action Arbitrary PHP Code Injection |
Snort® IPS/IDS
Date | Name | Rule ID | Revision | Type
---|---|---|---|---
2014-01-10 | Setup.php access | 2281-community | 15 | SERVER-WEBAPP
2014-01-10 | Setup.php access | 2281 | 15 | SERVER-WEBAPP
Metasploit Database
Date | Description
---|---
2009-03-24 | PhpMyAdmin Config File Code Injection
Nessus® Vulnerability Scanner
Date | Name | File | Type
---|---|---|---
2009-07-21 | The remote openSUSE host is missing a security update. | suse_11_0_phpMyAdmin-090401.nasl | ACT_GATHER_INFO
2009-06-30 | The remote Debian host is missing a security-related update. | debian_DSA-1824.nasl | ACT_GATHER_INFO
2009-06-30 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200906-03.nasl | ACT_GATHER_INFO
2009-04-16 | The remote web server contains a PHP application that may allow execution of ... | phpmyadmin_pmasa_2009_3.nasl | ACT_ATTACK
2009-04-03 | The remote openSUSE host is missing a security update. | suse_phpMyAdmin-6133.nasl | ACT_GATHER_INFO
2009-03-25 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_06f9174f190f11deb2f0001c2514716c.nasl | ACT_GATHER_INFO
Sources (Detail)
Alert History
Date | Information
---|---
2025-03-14 17:21:40 |
2025-02-11 17:21:39 |
2024-12-19 21:21:27 |
2024-11-28 23:11:45 |
2024-11-28 12:18:39 |
2024-07-16 21:27:58 |
2021-05-05 01:05:49 |
2021-05-04 12:09:21 |
2021-04-22 01:09:42 |
2020-05-23 13:16:52 |
2020-05-23 01:40:14 |
2020-05-23 00:23:34 |
2018-11-27 12:02:45 |
2018-10-11 00:19:33 |
2018-08-15 12:02:34 |
2017-09-29 09:24:09 |
2016-04-26 18:44:06 |
2014-02-17 10:49:31 |
2014-01-19 21:25:49 |
2013-05-10 23:47:53 |