phpmyadmin -- multiple vulnerabilities

2011-07-02T00:00:00
ID 7E4E5C53-A56C-11E0-B180-00216AA06FC2
Type freebsd
Reporter FreeBSD
Modified 2011-07-28T00:00:00

Description

The phpMyAdmin development team reports:

It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks.

An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifying the SESSION superglobal array. This allows the attacker to close the comment and inject code.

Through a possible bug in PHP running on Windows systems a NULL byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code.

Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal.