Lucene search

K
suseSuseSUSE-SA:2006:004
HistoryJan 26, 2006 - 1:53 p.m.

remote code execution in phpMyAdmin

2006-01-2613:53:52
lists.opensuse.org
32

EPSS

0.975

Percentile

100.0%

Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665). We have released a version update to phpMyAdmin-2.7.0-pl2 which addresses the issues mentioned above.

Solution

There is no known workaround, please install the update packages.