phpMyAdmin执行任意命令漏洞

BugCVE: CAN-2001-1060 BUGTRAQ: 3121 phpMyAdmin中存在一个输入验证错误，允许远程攻击者执行任意命令。攻击者可能获取 敏感信息或者以httpd运行身份执行任意命令。 问题处在'tblcopy.php' 和 'tblrename.php'中的下列代码中: tblcopy.php: eval $message = \ $strCopyTableOK\ ; ; tblrename.php: eval $message = \ $strRenameTableOK\ ; ; 如果用户可以控制$strCopyTableOK 或...

MyPhpAdmin execute the attacker's code vulnerability-vulnerability warning-the black bar safety net

Relates to the program: myPhpAdmin Description: myPhpAdmin execute the attacker's arbitrary code exploit analysis Details: myPhpAdmin is a can through the network to the MySQL database to the control software. But found that it the vulnerability exists in the script 'tblcopy.php' and...

CVE-2001-1060

phpMyAdmin 2.2.0rc3 and earlier is affected by CVE-2001-1060. The vulnerability is tied to two PHP scripts, tbl_copy.php and tbl_rename.php, where eval is used on user-controlled values (strCopyTableOK and strRenameTableOK). An attacker can craft a URL that, under certain conditions (including th...