Candidate: CVE-2008-4096
PublicDate: 2008-09-18 15:04:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4096
Description:
 libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows
 remote authenticated users to execute arbitrary code via a request to
 server_databases.php with a sort_by parameter containing PHP sequences,
 which are processed by create_function.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_phpmyadmin:
 upstream: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/database_interface.lib.php?r1=11492&r2=11585
upstream_phpmyadmin: released (2.11.9.1)
dapper_phpmyadmin: ignored (reached end-of-life)
feisty_phpmyadmin: needs-triage (reached end-of-life)
gutsy_phpmyadmin: needs-triage (reached end-of-life)
hardy_phpmyadmin: released (4:2.11.3-1ubuntu1.2)
intrepid_phpmyadmin: released (4:2.11.8.1-1ubuntu0.1)
jaunty_phpmyadmin: not-affected (4:3.1.2-1)
karmic_phpmyadmin: not-affected (4:3.1.2-1)
devel_phpmyadmin: not-affected (4:3.1.2-1)