Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: phpMyAdmin, code execution via server_databases.php

September 2008 by Vigil@nce

An attacker with a phpMyAdmin account can use server_databases.php to execute code on the server.

- Gravity: 2/4
- Consequences: privileged access/rights
- Provenance: user account
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 16/09/2008
- Identifier: VIGILANCE-VUL-8110

IMPACTED PRODUCTS

- Unix - plateform

DESCRIPTION

The server_databases.php script of phpMyAdmin manages the database (create, delete). Access to this script is restricted to authenticated phpMyAdmin users.

The PMA_DBI_get_databases_full() function of the database_interface.lib.php file returns the sorted database list. The sorting function is dynamically created with create_function(), from the value of $sort_by. However, this value is a parameter of server_databases.php.

An authenticated attacker can therefore execute PHP code, which can call external code with exec().

CHARACTERISTICS

- Identifiers: BID-31188, CVE-2008-4096, PMASA-2008-7, VIGILANCE-VUL-8110
- Url: https://vigilance.aql.fr/tree/1/8110




See previous articles

    

See next articles