3 matches found
phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Linux
phpMyAdmin is prone to a global variable scope injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin <= 4.0.4.1 import.php GLOBALS变量注入漏洞
CVECAN ID: CVE-2013-4729 phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 4.0.4.1之前版本内的import.php没有正确限制文件格式定义数据输入权限,可使经过身份验证的远程用户修改GLOBALS超级全局数组,然后通过特制的请求更改配置。 0 phpMyAdmin = 4.0.4.1 厂商补丁: phpMyAdmin ---------- phpMyAdmin已经为此发布了一个安全公告(PMASA-2013-7)以及相应补丁:...
phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)
According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...