Description
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Sitemap by BestWebSoft Cross-Site Scripting (2.9.1)
Oracle Database Server Other Vulnerability (CVE-2006-1869)
WordPress Plugin Mikiurl WordPress Eklentisi Cross-Site Request Forgery (2.0)
ownCloud Other Vulnerability (CVE-2014-2054)
WordPress Plugin Page Generator Cross-Site Scripting (1.5.8)