phpMyAdmin 2.11.x < 126.96.36.199 / 3.x < 188.8.131.52 RCE (PMASA-2009-3)
Severity: High
Nessus Network Monitor Plugin ID 700609
Synopsis
The remote web server contains a PHP application that may allow execution of arbitrary code.

Description
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to several variables before using them to generate a config file for the application. Using specially crafted POST requests, an unauthenticated, remote attacker may be able to leverage this issue to execute arbitrary PHP code.

Solution
Upgrade to phpMyAdmin version 184.108.40.206 or later. If 3.x cannot be obtained, version 220.127.116.11 has also been patched for this vulnerability.
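To make the class of bug concrete, here is an added illustration (not phpMyAdmin's code and not the PMASA-2009-3 patch itself) of the pattern the description refers to: a setup script that interpolates user-supplied form values straight into a generated PHP config file, beside a version that allowlists the setting names, validates each value against what that setting may contain, and emits the literal with var_export() so a value can only ever become a string, never code. The function names, the allowlist and the sample POST body are assumptions made for this illustration.

```php
<?php
// Added illustration of a config-generating setup script. Not phpMyAdmin's
// code; function names, allowlist and sample input are invented here.

// Vulnerable pattern: the value is pasted directly into PHP source. A value
// containing a single quote terminates the string literal, and whatever
// follows is parsed as PHP the next time the generated file is include()d.
function write_config_unsafe(array $fields): string
{
    $out = "<?php\n";
    foreach ($fields as $key => $value) {
        $out .= "\$cfg['Servers'][1]['$key'] = '$value';\n";
    }
    return $out;
}

// Hardened pattern: only known setting names are accepted, each value must
// match a pattern describing that setting, and the PHP literal is produced by
// var_export(), which escapes quotes and backslashes itself.
function write_config_safe(array $fields): string
{
    $allowed = [
        'host' => '/^[A-Za-z0-9.-]{1,253}$/',
        'port' => '/^[0-9]{1,5}$/',
        'user' => '/^[A-Za-z0-9_.-]{1,64}$/',
    ];
    $out = "<?php\n";
    foreach ($fields as $key => $value) {
        if (!isset($allowed[$key])) {
            throw new InvalidArgumentException("unknown setting: $key");
        }
        if (!is_string($value) || !preg_match($allowed[$key], $value)) {
            throw new InvalidArgumentException("invalid value for $key");
        }
        $out .= "\$cfg['Servers'][1]['$key'] = " . var_export($value, true) . ";\n";
    }
    return $out;
}

// Constructed sample input, shaped like a decoded POST body. The host value
// contains a quote and a trailing statement, which is enough to show the
// string literal being broken out of in the unsafe version.
$post = [
    'host' => "db.example.test'; echo 'not a hostname",
    'port' => '3306',
];

echo "--- unsafe output ---\n", write_config_unsafe($post);
try {
    echo "--- safe output ---\n", write_config_safe($post);
} catch (InvalidArgumentException $e) {
    // The hardened version refuses the value instead of writing it out.
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Run with `php` on the command line: the unsafe output contains a line where the quoted host ends early and an `echo` statement follows it, while the safe version rejects the same input; with a plain hostname the safe version emits a single quoted literal for each setting. The two defences are independent: the allowlist keeps unexpected settings out of the file, and var_export() guarantees that even a value that slips past validation cannot change the structure of the generated PHP.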