OVAL

DSA-1557 phpmyadmin -- insufficient input sanitising

ID: oval:org.mitre.oval:def:8041
Date: (C)2009-12-15   (M)2024-02-19
Class: PATCH
Family: unix




Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administer MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems:

Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request.

The PHP session data file stored the username and password of a logged-in user, which in some setups can be read by a local user.

Cross-site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.

Platform:
Debian 4.0
Product:
phpmyadmin
Reference:
DSA-1557
CVE-2008-1149
CVE-2008-1567
CVE-2008-1924
CPE:
cpe:/o:debian:debian_linux:4.0

© SecPod Technologies