CVE-2008-4096
EPSS 16.9%
Description
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
How to fix CVE-2008-4096
To remediate CVE-2008-4096, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:2.11.8.1-2 or later
Is CVE-2008-4096 being exploited?
Moderate — EPSS is 16.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 4:2.11.8.1-2