phpmyfamily document.php SQL Injection

2005-03-21T00:00:00
ID OSVDB:14911
Type osvdb
Reporter kre0n(adz.kreon@gmail.com)
Modified 2005-03-21T00:00:00

Description

Vulnerability Description

phpmyfamily contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to improper validation of user-supplied input upon submission to the 'document.php' script and may allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.

Solution Description

Upgrade to version 1.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpmyfamily contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to improper validation of user-supplied input upon submission to the 'document.php' script and may allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.

References:

Vendor URL: http://www.phpmyfamily.net/ Security Tracker: 1013493 Secunia Advisory ID:14642 Related OSVDB ID: 14908 Related OSVDB ID: 14913 Related OSVDB ID: 14909 Related OSVDB ID: 14910 Related OSVDB ID: 14912 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0358.html ISS X-Force ID: 19787 CVE-2005-0841 Bugtraq ID: 12860