SECUNIA ADVISORY ID: SA31884
VERIFY ADVISORY: http://secunia.com/advisories/31884/
CRITICAL: Moderately critical
IMPACT: System access
SOFTWARE: phpMyAdmin 2.x - http://secunia.com/advisories/product/1720/
DESCRIPTION: Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is reported in all versions prior to 2.11.9.1.
Input passed to the "sort_by" parameter in server_databases.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code. Successful exploitation requires valid user credentials.
SOLUTION: Update to version 2.11.9.1.
PROVIDED AND/OR DISCOVERED BY: Norman Hippert
ORIGINAL ADVISORY: PMASA-2008-7: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
Norman Hippert: http://fd.the-wildcat.de/pma_e36a091q11.php
|
This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3451
https://www.ravenphpscripts.com
The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3451