Description
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.
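The pattern behind this class of bug, and its fix, as an added example (not phpMyAdmin's own code; the column names, function names and sample rows are assumptions made for illustration): a request-supplied sort key is safe when it is matched against a fixed allowlist and used only as an array key inside a closure, instead of being concatenated into a string that `create_function` compiles.

```php
<?php
// Added illustration, not phpMyAdmin source. Names and rows below are constructed.

// Unsafe pattern (PHP < 8 only; create_function() was removed in PHP 8.0):
// the request value becomes part of a string that PHP compiles as code.
//   $cmp = create_function('$a, $b',
//       'return strnatcasecmp($a["' . $sortBy . '"], $b["' . $sortBy . '"]);');

// Hypothetical set of columns the listing may be sorted by.
const SORTABLE_COLUMNS = ['SCHEMA_NAME', 'SCHEMA_TABLES', 'SCHEMA_DATA_LENGTH'];

function resolveSortColumn(?string $requested): string
{
    // Strict allowlist match; any other value falls back to a fixed default.
    return in_array($requested, SORTABLE_COLUMNS, true)
        ? $requested
        : SORTABLE_COLUMNS[0];
}

function sortDatabases(array $rows, ?string $sortBy, ?string $sortOrder): array
{
    $column    = resolveSortColumn($sortBy);
    $direction = (strtolower((string) $sortOrder) === 'desc') ? -1 : 1;

    // Closure comparator: $column is only ever an array key, never source text.
    usort($rows, static function (array $a, array $b) use ($column, $direction): int {
        return $direction * strnatcasecmp((string) $a[$column], (string) $b[$column]);
    });

    return $rows;
}

// Constructed sample data standing in for the database list.
$rows = [
    ['SCHEMA_NAME' => 'shop',    'SCHEMA_TABLES' => 12, 'SCHEMA_DATA_LENGTH' => 4096],
    ['SCHEMA_NAME' => 'archive', 'SCHEMA_TABLES' => 3,  'SCHEMA_DATA_LENGTH' => 65536],
    ['SCHEMA_NAME' => 'blog',    'SCHEMA_TABLES' => 7,  'SCHEMA_DATA_LENGTH' => 1024],
];

// An allowlisted key sorts by that column.
$byTables = sortDatabases($rows, 'SCHEMA_TABLES', 'desc');
echo implode(',', array_column($byTables, 'SCHEMA_NAME')), PHP_EOL;

// A key outside the allowlist is ignored and the default column is used.
$fallback = sortDatabases($rows, 'not_a_column', 'asc');
echo implode(',', array_column($fallback, 'SCHEMA_NAME')), PHP_EOL;
```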
Remediation