Signature Detail

HTTP: phpMyAdmin server_databases Remote Code Execution

This signature detects attempts to exploit a known vulnerability against phpMyAdmin. A successful attack can lead to arbitrary code execution.

Extended Description

phpMyAdmin is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. This issue affects versions prior to phpMyAdmin 2.11.9.1.

Affected Products

• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Gentoo Linux
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• phpMyAdmin 2.10.0.1
• phpMyAdmin 2.10.0.2
• phpMyAdmin 2.11.1
• phpMyAdmin 2.11.1.1
• phpMyAdmin 2.11.1.2
• phpMyAdmin 2.11.2.1
• phpMyAdmin 2.11.2.2
• phpMyAdmin 2.11.4
• phpMyAdmin 2.11.5
• phpMyAdmin 2.11.5.1
• phpMyAdmin 2.11.5.2
• phpMyAdmin 2.11.7
• phpMyAdmin 2.11.8
• phpMyAdmin 2.11.8.1
• phpMyAdmin 2.11.9
• phpMyAdmin 2.9.1
• phpMyAdmin 2.9.1.1
• phpMyAdmin 2.9.2-Rc1
• Red Hat Fedora 8
• Red Hat Fedora 9
• SuSE openSUSE 10.3
• SuSE openSUSE 11.0
• SuSE openSUSE 11.1
• Turbolinux Appliance Server 3.0
• Turbolinux Appliance Server 3.0 X64
• Typo3 phpMyAdmin 0.2.2
• Typo3 phpMyAdmin 3.0.0
• Typo3 phpMyAdmin 3.0.1
• Typo3 phpMyAdmin 3.2.0

References

• BugTraq: 31188
• CVE: CVE-2008-4096
• URL: http://fd.the-wildcat.de/pma_e36a091q11.php