Attack: phpMyAdmin CVE-2009-4605

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in phpMyAdmin which may result in remote code execution.

Additional Information

phpMyAdmin is a web-based administration interface for MySQL databases; it is implemented in PHP.

The application is prone to a vulnerability that lets attackers execute arbitrary files. The issue occurs because the application fails to sanitize user-supplied data passed to the 'unserialize()' function.

An attacker can exploit this issue to execute arbitrary code in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Affected

  • Versions prior to phpMyAdmin 3.0.0 or 2.11.10 are vulnerable.