DEBIAN-CVE-2009-4605

scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

CVE-2009-4605

scripts/setup.php aka the setup script in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the 1 configuration and 2 v0 parameters, which might allow remote attackers to conduct cross-site request forgery CSRF attacks via unspecified vectors...

GLSA-200906-03 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200906-03 phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code...

phpMyAdmin配置文件PHP代码注入漏洞

BUGTRAQ ID: 34526 CVECAN ID: CVE-2009-1285 phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。 phpMyAdmin所使用的setup脚本没有正确地过滤配置参数，如果远程攻击者向服务器提交了恶意的POST请求，就可以在所生成的配置文件中注入任意PHP代码。 phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)

The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. This version is affected by the following vulnerabilities : - The setup script inserts the unsanitize...

DSA-1641-1 phpmyadmin - several issues

Bulletin has no description...

DEBIAN-CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...