Think you have a false positive on this rule?

Sid 1-2281

Message

SERVER-WEBAPP Setup.php access

Summary

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Impact

CVSS base score 7.5 CVSS impact score 6.4 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL

CVE-2009-1151:

CVSS base score 7.5

CVSS impact score 6.4

CVSS exploitability score 10.0

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Detailed information

CVE-2009-1151: Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Affected systems

  • phpmyadmin phpmyadmin 2.11.0
  • phpmyadmin phpmyadmin 2.11.1
  • phpmyadmin phpmyadmin 2.11.1.0
  • phpmyadmin phpmyadmin 2.11.1.1
  • phpmyadmin phpmyadmin 2.11.1.2
  • phpmyadmin phpmyadmin 2.11.2
  • phpmyadmin phpmyadmin 2.11.2.0
  • phpmyadmin phpmyadmin 2.11.2.1
  • phpmyadmin phpmyadmin 2.11.2.2
  • phpmyadmin phpmyadmin 2.11.3
  • phpmyadmin phpmyadmin 2.11.3.0
  • phpmyadmin phpmyadmin 2.11.4
  • phpmyadmin phpmyadmin 2.11.5
  • phpmyadmin phpmyadmin 2.11.5.0
  • phpmyadmin phpmyadmin 2.11.5.1
  • phpmyadmin phpmyadmin 2.11.5.2
  • phpmyadmin phpmyadmin 2.11.6
  • phpmyadmin phpmyadmin 2.11.6.0
  • phpmyadmin phpmyadmin 2.11.7
  • phpmyadmin phpmyadmin 2.11.7.0
  • phpmyadmin phpmyadmin 2.11.8
  • phpmyadmin phpmyadmin 2.11.9
  • phpmyadmin phpmyadmin 2.11.9.0
  • phpmyadmin phpmyadmin 2.11.9.1
  • phpmyadmin phpmyadmin 2.11.9.2
  • phpmyadmin phpmyadmin 2.11.9.3
  • phpmyadmin phpmyadmin 2.11.9.4
  • phpmyadmin phpmyadmin 3.1.0
  • phpmyadmin phpmyadmin 3.1.1
  • phpmyadmin phpmyadmin 3.1.2
  • phpmyadmin phpmyadmin 3.1.3

Ease of attack

CVE-2009-1151:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References