phpMyAdmin Code Execution Vulnerability
- Reported: 14.09.2008
- Published: 15.09.2008
- Updated: 16.09.2008
- Affected versions: phpMyAdmin-3.0.0 RC1 and before and <= phpMyAdmin-220.127.116.11
- Risk: High
- Solution: Upgrade to phpMyAdmin 18.104.22.168 or newer.
I discovered a Code execution vulnerability in RC1 release of phpMyAdmin-3.0.0
The attacker needs a valid token, but it is still a serious security problem
for shared hosting or something similar.
The problem also occurs in phpMyAdmin-2.x but it is not as easy to exploit as in 3.0
I will publish more informations some days after the patch is released
server_databases.php?pos=0&dbstats=0&sort_by="]) OR exec('cp $(pwd)"/config.inc.php" config.txt'); //&sort_order=desc&token=[valid token].
For the sake of completness, 2 XSS Vulnerabilities
The attacker needs also a valid token, so this is not a security problem.
The first one occured in phpMyAdmin3
The next one concerns the actual phpMyAdmin2 release and phpMyAdmin-3.0.0 RC1: