Involved programs:
phpMyAdmin
Description:
phpMyAdmin remote PHP code injection vulnerability
Details:
phpMyAdmin is a free tool that provides a WWW management interface for managing MySQL.
phpMyAdmin has a PHP code injection problem. Remote attackers can use this eval() function to execute arbitrary PHP commands.
However, this vulnerability only works when the $cfg[‘LeftFrameLight‘] variable (config.inc.php file) is set to FALSE.
phpMyAdmin stores multiple server configurations in the ($cfg['Servers'][$i]) array variable. These configurations are included in the config.inc.php file. The information includes host, port, user, password, and verification. Type, etc., but since $cfg['Servers'][$i] has not been initialized, remote users are allowed to add server configuration through the GET function, such as submitting the following request to add configuration:
http://target/phpMyAdmin-2.5 .7/left.php?server=4&cfg[Servers][host]=202.81.x.x&cfg[Servers][port]=8888&cfg[Servers][user]=alice ..
And The $eval_string string in the eval() function allows the execution of PHP code. An attacker can increase the server configuration and submit a specially constructed table name, which can cause the contained malicious PHP code to be executed.
Affected systems:
phpMyAdmin phpMyAdmin 2.5.7
Attack method:
No effective attack code yet
Solution:
Current manufacturer No patches or upgrades have been provided yet. We recommend that users of this software always pay attention to the manufacturer's homepage to obtain the latest version:
http://www.phpmyadmin.net