
182 matches found

Prion
added 2014/06/02 3:55 p.m., 19 views

Code injection

DataLife Engine DLE 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier...

7.5 CVSS, 8 AI score, 0.851 EPSS
Exploits 9, References 8, Affected Software 1
FuelPHP
added 2013/08/24 12:0 a.m., 17 views

DB quote_identifier(), possible injection

The method "quote_identifier", which is used in the DB class to make sure identifiers are quoted, can be vulnerable to injection if uncleaned GET variables are passed to it, due to the way preg_replace has been used with the "/e" modifier. All released versions are affected. This has been addressed ...

7.3 AI score
Exploits 0, References 1, Affected Software 1
appercut
added 2013/06/18 12:0 a.m., 585 views

PHP-Fusion: source code security analysis report

Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the preg_replace Function; Using Insufficiently...

0.9 AI score
Exploits 0, References 1, Affected Software 1
NVD
added 2013/05/23 3:55 p.m., 14 views

CVE-2012-6554

functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the preg_replace function with the eval switch...

6.5 CVSS, 7.3 AI score, 0.6269 EPSS
Exploits 2, References 6
Cvelist
added 2013/05/23 3:0 p.m., 15 views

CVE-2012-6554

functions/htmltotext.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the messagemessagetext parameter to chat/addmessag, which is not properly handled when executing the preg_replace function with the eval switch...

7.3 AI score, 0.6269 EPSS
Exploits 2, References 6
Saint
added 2013/05/20 12:0 a.m., 49 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

6 CVSS, 6.7 AI score, 0.64584 EPSS
Exploits 14
Saint
added 2013/05/20 12:0 a.m., 154 views

phpMyAdmin preg_replace from_prefix sanitization vulnerability

Added: 05/20/2013 CVE: CVE-2013-3238 BID: 59460 OSVDB: 92793 Background phpMyAdmin is a free software tool, written in PHP, designed to handle the administration of MySQL over the Web. Problem phpMyAdmin before 3.5.8.1 is vulnerable to code injection as a result of failure to sanitize input passe...

6 CVSS, 6.7 AI score, 0.64584 EPSS
Exploits 14
securityvulns
added 2013/05/06 12:0 a.m., 96 views

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

6.5 CVSS, 0.1 AI score, 0.64584 EPSS
Exploits 18
Tenable Nessus
added 2013/05/04 12:0 a.m., 42 views

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)

Updated phpmyadmin package fixes security vulnerabilities : In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly...

6 CVSS, 7.4 AI score, 0.64584 EPSS
Exploits 16, References 2
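seebug.org
added 2013/04/28 12:0 a.m., 61 views

phpMyAdmin preg_replace() remote PHP code execution

BUGTRAQ ID: 59460 CVECAN ID: CVE-2013-3238 phpMyAdmin is an online management tool for MySQL databases; its main functions include creating tables online, running SQL statements, searching and querying data, and importing and exporting data. The preg_replace function in phpMyAdmin 3.5.8, 4.0.0-rc2 and other versions can be exploited to execute arbitrary PHP code on the server: the attacker uses a specially crafted parameter as the regular expression, with a null byte inside that expression, and when phpMyAdmin uses the "Replace table prefix" feature it incorrectly filters the crafted parameter passed to preg_replace. This leads to arbitrary PHP code execution in the context of the web server. 0...

6 CVSS, 6.2 AI score, 0.64584 EPSS
Exploits 14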
Cvelist
added 2013/04/26 1:0 a.m., 17 views

CVE-2013-3238

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature...

6.4 AI score, 0.64584 EPSS
Exploits 14, References 11
0day.today
added 2013/04/26 12:0 a.m., 100 views

phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities. Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 2...

6.5 CVSS, 0.9 AI score, 0.64584 EPSS
Exploits 18
Exploit DB
added 2013/04/25 12:0 a.m., 88 views

phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

6 CVSS, 6.3 AI score, 0.64584 EPSS
Exploits 16
Packet Storm
added 2013/04/25 12:0 a.m., 84 views

phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

6.5 CVSS, 0.1 AI score, 0.64584 EPSS
Exploits 18
Tenable Nessus
added 2013/04/25 12:0 a.m., 46 views

FreeBSD : phpMyAdmin -- Multiple security vulnerabilities (8c8fa44d-ad15-11e2-8cea-6805ca0b3d42)

The phpMyAdmin development team reports : In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument...

6 CVSS, 7 AI score, 0.64584 EPSS
Exploits 16, References 3
phpMyAdmin
added 2013/04/24 12:0 a.m., 294 views

Remote code execution via preg_replace().

PMASA-2013-2 Announcement-ID: PMASA-2013-2 Date: 2013-04-24 Summary Remote code execution via preg_replace. Description In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expressio...

6 CVSS, 7.3 AI score, 0.64584 EPSS
Exploits 14, Affected Software 1
Packet Storm
added 2013/02/01 12:0 a.m., 38 views

DataLife Engine preview.php PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'DataLife Engine preview.php PHP Code...

7.5 CVSS, 0.1 AI score, 0.851 EPSS
Exploits 9
Exploit DB
added 2013/02/01 12:0 a.m., 49 views

DataLife Engine - 'preview.php' PHP Code Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'DataLife Engine preview.php PHP Code...

7.5 CVSS, 6.6 AI score, 0.851 EPSS
Exploits 9
0day.today
added 2013/02/01 12:0 a.m., 36 views

DataLife Engine preview.php PHP Code Injection

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 'DataLife Engine preview.php PHP Code Injection', 'Description' = %q This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure...

7.1 AI score, 0.851 EPSS
Exploits 9
Metasploit
added 2013/01/31 3:9 p.m., 27 views

DataLife Engine preview.php PHP Code Injection

This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace with the e modifier, which allows to inject arbitrary php code, when there is a template installed which contains a catlist or not-catlist...

7.5 CVSS, 0.3 AI score, 0.851 EPSS
Exploits 9