Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:18960
HistoryJan 19, 2010 - 12:00 a.m.

phpMyAdmin创建不安全文件和目录漏洞

2010-01-1900:00:00
Root
www.seebug.org
17

EPSS

0.01

Percentile

83.7%

JSON

BUGTRAQ ID: 37826
CVE ID: CVE-2008-7251,CVE-2008-7252

phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。

phpMyAdmin在创建临时目录时使用了完全可写的权限,在创建临时文件时使用了可预测的文件名。本地或远程攻击者可以非授权修改文件,或通过符号链接攻击获得权限提升。

phpMyAdmin 2.11.x
厂商补丁:

phpMyAdmin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528

Related

openvas 5
debian 1
osv 2
nessus 3
prion 2
cvelist 2
debiancve 2
github 1
phpmyadmin 2
ubuntucve 2
cve 2
nvd 2
gentoo 1
openvas
openvas
phpMyAdmin Insecure Temporary File and Directory Creation Vulnerabilities
2010-01-18 00:00:00
Debian: Security Advisory (DSA-2034-1)
2010-05-04 00:00:00
Debian Security Advisory DSA 2034-1 (phpmyadmin)
2010-05-04 00:00:00
debian
debian
[SECURITY] [DSA 2034-1] New phpmyadmin packages fix several vulnerabilities
2010-04-17 12:35:52
osv
osv
phpmyadmin - several vulnerabilities
2010-04-17 00:00:00
phpMyAdmin unsafely handles temporary files
2022-05-17 05:44:03
nessus
nessus
openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)
2010-01-18 00:00:00
Debian DSA-2034-1 : phpmyadmin - several vulnerabilities
2010-04-19 00:00:00
GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities
2012-01-05 00:00:00
prion
prion
Design/Logic Flaw
2010-01-19 16:30:00
Code injection
2010-01-19 16:30:00
cvelist
cvelist
CVE-2008-7252
2010-01-19 16:00:00
CVE-2008-7251
2010-01-19 16:00:00
debiancve
debiancve
CVE-2008-7252
2010-01-19 16:30:00
CVE-2008-7251
2010-01-19 16:30:00
github
github
phpMyAdmin unsafely handles temporary files
2022-05-17 05:44:03
phpmyadmin
phpmyadmin
Unsafe handling of temporary directory
2010-01-15 00:00:00
Unsafe handling of temporary files
2010-01-15 00:00:00
ubuntucve
ubuntucve
CVE-2008-7251
2010-01-19 00:00:00
CVE-2008-7252
2010-01-19 00:00:00
cve
cve
CVE-2008-7251
2010-01-19 16:30:00
CVE-2008-7252
2010-01-19 16:30:00
nvd
nvd
CVE-2008-7251
2010-01-19 16:30:00
CVE-2008-7252
2010-01-19 16:30:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00

EPSS

0.01

Percentile

83.7%

JSON
Related for SSV:18960
openvas5debian1osv2nessus3prion2cvelist2debiancve2github1phpmyadmin2ubuntucve2cve2nvd2gentoo1