PHPMyAdmin Setup Config Remote Code Execution Exploit

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
Vulnerabilty ID: 
CVE-2009-1151
Released Date: 
Thursday, July 30, 2009 - 19:00