Lucene search
RootSSV:20704HistoryJul 07, 2011 - 12:00 a.m.
phpMyAdmin 3.x 多个安全漏洞
2011-07-0700:00:00
Root
www.seebug.org
25
0.352 Low
EPSS
Percentile
96.7%
CVE ID: CVE-2011-2505,CVE-2011-2506,CVE-2011-2507,CVE-2011-2508
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin在实现上存在多个漏洞,可被恶意用户利用泄露敏感信息并控制受影响系统。
1)libraries/auth/swekey/swekey.auth.lib.php中的"Swekey_login()"函数中存在错误,可被利用覆盖会话变量并注入和执行任意PHP代码;
2)传递到libraries/server_synchronize.lib.php中的"PMA_createTargetTables()"函数的输入在调用带有e修饰符的"preg_replace()"函数之前没有正确过滤,可被利用通过URL编码的NULL字节执行任意PHP代码;
3)传递到libraries/display_tbl.lib.php中的"PMA_displayTableBody()"函数的输入在用于包括文件之前没有正确过滤,可被利用通过目录遍历序列包含本地资源中的任意文件。
phpMyAdmin 3.x
厂商补丁:
phpMyAdmin
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
nessus
nessus
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-07-13 00:00:00
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-13 00:00:00
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-08-01 00:00:00
openvas
openvas
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
Fedora Update for phpMyAdmin FEDORA-2011-9144
2011-07-18 00:00:00
FreeBSD Ports: phpmyadmin
2011-08-03 00:00:00
seebug
seebug
phpMyAdmin 3.x Multiple Remote Code Executions
2011-07-09 00:00:00
phpMyAdmin3 (pma3) Remote Code Execution Exploit
2011-07-10 00:00:00
phpMyAdmin 3.x Swekey Remote Code Injection Exploit
2011-07-09 00:00:00
freebsd
freebsd
phpmyadmin -- multiple vulnerabilities
2011-07-02 00:00:00
packetstorm
packetstorm
phpMyAdmin 3.x Remote Code Execution
2011-07-08 00:00:00
phpMyAdmin 3.x Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 Remote Code Execution
2011-07-09 00:00:00
dsquare
dsquare
Phpmyadmin 3.x RCE
2012-01-26 00:00:00
osv
osv
phpymadmin - several
2011-07-26 00:00:00
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
debian
debian
[SECURITY] [DSA 2286-1] phpmyadmin security update
2011-07-26 19:12:13
exploitpack
exploitpack
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
exploitdb
exploitdb
phpMyAdmin 3.x - Swekey Remote Code Injection
2011-07-09 00:00:00
phpMyAdmin3 (pma3) - Remote Code Execution
2011-07-08 00:00:00
checkpoint_advisories
checkpoint_advisories
PhpMyAdmin Sweky Remote Code Injection Exploit (CVE-2011-2506)
2013-10-20 00:00:00
PhpMyAdmin Remote Variable Manipulation (CVE-2011-2505)
2013-10-20 00:00:00
phpmyadmin
phpmyadmin
Possible directory traversal.
2011-07-02 00:00:00
Possible code injection in setup script in case session variables are compromised.
2011-07-02 00:00:00
Possible session manipulation in Swekey authentication.
2011-07-02 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
prion
prion
Code injection
2011-07-14 23:55:00
Directory traversal
2011-07-14 23:55:00
Code injection
2011-07-14 23:55:00
github
github
phpMyAdmin vulnerable to static code injection
2022-05-14 02:55:16
phpMyAdmin remote variable manipulation
2022-05-14 02:55:16
thn
thn
threatpost
threatpost
Call for Ban on Vulnerable PHP SuperGlobal Variables
2013-09-09 14:54:04
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00