CVE-2012-5159

phpMyAdmin <3.5.2.2 - RCE

Title source: llm

Description

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappsphp
https://www.exploit-db.com/exploits/21834
metasploit WORKING POC NORMAL
by hdm · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpmyadmin_3522_backdoor.rb

References (4)

Scores

EPSS 0.8794
EPSS Percentile 99.5%

Details

CWE
CWE-94
Status published
Products (1)
phpmyadmin/phpmyadmin 3.5.2.2
Published Sep 25, 2012
Tracked Since Feb 18, 2026