CVE-2009-1151

CVSS 9.8 (Critical) · EPSS 95.4% · CISA KEV · CWE-94
Vexday Risk Score: 100 (Fix now)
SSVC decision (CISA): Act (exploitation + impact → act immediately)
CVSS 9.8 · EPSS 95.4% · KEV: yes · Public PoC · Nuclei: yes · Metasploit: yes · Patch referenced
Lifecycle
24 Mar 2009: Metasploit module available
26 Mar 2009: Published on NVD
22 Jun 2009: Public PoC
25 Mar 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

phpMyAdmin allows attackers to inject malicious PHP code into configuration files through the setup interface. This can give attackers complete control over the database server and all its data.

Technical detail

Remote code injection vulnerability in setup.php (CWE-94) affecting phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1. The save action fails to properly validate or sanitize input, allowing unauthenticated attackers to execute arbitrary PHP code via configuration file manipulation, resulting in complete system compromise.

Summary generated and translated by AI from the official description.
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
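Because the flaw turns the setup script's save action into a way to write PHP statements into the configuration file, a defender-side check is to audit config.inc.php for anything the setup script would never emit. The script below is an added example, not phpMyAdmin's own code; it assumes a legitimately generated file contains only $cfg[...] assignments with scalar values, the $i server counter, comments and one pair of PHP tags, and it uses a constructed sample file rather than a real one.

```python
import re

# Added example, not phpMyAdmin's own code. Flags statements in a phpMyAdmin
# config.inc.php that the setup script's save action would never write.
# Assumption: a legitimate file holds only $cfg[...] assignments with scalar
# values, the $i server counter, comments and one pair of PHP tags.
_ALLOWED = [
    re.compile(r"^(//|#)"),                                  # line comment
    re.compile(r"^\$i\s*(=\s*0|\+\+)\s*;$"),                 # $i = 0;  $i++;
    re.compile(
        r"^\$cfg(\[(\$i|\d+|'[^'\\]*')\])+\s*=\s*"
        r"(\$i|\d+|true|false|'[^'\\]*'|\"[^\"\\$]*\")\s*;$",
        re.IGNORECASE,
    ),
]

def _strip_block_comments(line: str, in_block: bool) -> tuple[str, bool]:
    """Drop /* ... */ text from one line; returns (remaining code, still_in_block)."""
    out = ""
    while line:
        if in_block:
            end = line.find("*/")
            if end < 0:
                return out, True
            line, in_block = line[end + 2:], False
        else:
            start = line.find("/*")
            if start < 0:
                return out + line, False
            out, line, in_block = out + line[:start], line[start + 2:], True
    return out, in_block

def audit_config(text: str) -> list[tuple[int, str]]:
    """Return (line_number, code) for every line that is not plain config."""
    findings, in_block, opened = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        code, in_block = _strip_block_comments(raw, in_block)
        code = code.strip()
        if not code or code == "?>":
            continue
        if code == "<?php" and not opened:
            opened = True                     # a second open tag gets flagged
            continue
        if not any(p.match(code) for p in _ALLOWED):
            findings.append((no, code))
    return findings

# Constructed sample: a clean file, then the same file with two injected lines.
CLEAN = "<?php\n/* generated by setup */\n$i = 0;\n$i++;\n$cfg['Servers'][$i]['host'] = 'localhost';\n$cfg['Servers'][$i]['auth_type'] = 'cookie';\n$cfg['DefaultLang'] = 'en';\n?>\n"
TAMPERED = CLEAN.replace("?>\n", "/* */ system($_GET['c']);\n?>\n<?php\n")

if __name__ == "__main__":
    for no, code in audit_config(TAMPERED):
        print(f"line {no}: {code}")
```

A hit means the file should be compared against a known-good copy and the setup directory's write access reviewed; a clean result does not prove the host is patched.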
Affected products
n/a · n/a