Vulnerability in N/a
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- www.phpmyadmin.net/home_page/security/PMASA-2009-3.php (x_refsource_CONFIRM)
- GLSA-200906-03 (vendor-advisory, x_refsource_GENTOO)
- 34642 (x_refsource_SECUNIA, third-party-advisory)
- www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of… (x_refsource_MISC)
- 20090609 CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept (mailing-list, x_refsource_BUGTRAQ)
- DSA-1824 (vendor-advisory, x_refsource_DEBIAN)
- SUSE-SR:2009:008 (vendor-advisory, x_refsource_SUSE)
- MDVSA-2009:115 (vendor-advisory, x_refsource_MANDRIVA)
- 34236 (vdb-entry, x_refsource_BID)
- 34430 (x_refsource_SECUNIA, third-party-advisory)
Frequently asked questions
- What is CVE-2009-1151?
- CVE-2009-1151 is a vulnerability in N/a. Published 2009-03-26.
- Is CVE-2009-1151 known to be exploited?
- Yes. CVE-2009-1151 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-03-25), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.