Ravens PHP Scripts

phpMyAdmin *sort_by* PHP Code Execution
Date: Tuesday, September 16, 2008 @ 19:47:54 PDT
Topic: Security


SECUNIA ADVISORY ID: SA31884

VERIFY ADVISORY: http://secunia.com/advisories/31884/

CRITICAL: Moderately critical

IMPACT: System access

SOFTWARE: phpMyAdmin 2.x - http://secunia.com/advisories/product/1720/

DESCRIPTION: Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious authenticated users to compromise a vulnerable system. The vulnerability is reported in all versions prior to 2.11.9.1.

Input passed to the "sort_by" parameter in server_databases.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code on the server, with the privileges of the web server process. Successful exploitation requires valid user credentials; any account that can log in to phpMyAdmin is sufficient, since server_databases.php is the ordinary database listing page shown after login.
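The advisory does not reproduce the affected code. The following is an added illustration of the bug class, not phpMyAdmin's own code: a sort-column name taken from the request is spliced into PHP source that is compiled at request time, which is the only way a "sort_by" value can turn into PHP code execution. The shape of the unsafe function, the column names and the sample rows are assumptions made for the example; the hardened function shows the fix that removes the problem, an allowlist of column names rather than any attempt at escaping.

```php
<?php
// Constructed sample of what a database listing page sorts: one row per database.
$databases = [
    ['SCHEMA_NAME' => 'shop',  'SCHEMA_TABLES' => 12],
    ['SCHEMA_NAME' => 'blog',  'SCHEMA_TABLES' => 4],
    ['SCHEMA_NAME' => 'admin', 'SCHEMA_TABLES' => 30],
];

// Bug class (assumed shape, not phpMyAdmin's actual code): the request
// parameter is concatenated into a string of PHP source that is then
// compiled. A value containing a double quote ends the string literal, and
// whatever follows is compiled and run as PHP with the web server's privileges.
// This function is defined only to show the pattern and is never called.
function sortDatabasesUnsafe(array $dbs, string $sort_by): array
{
    $cmp = eval('return function ($a, $b) {'
        . ' return strnatcasecmp($a["' . $sort_by . '"], $b["' . $sort_by . '"]); };');
    usort($dbs, $cmp);
    return $dbs;
}

// Hardened form: the parameter only selects one entry from a fixed list of
// column names and never becomes part of any code string. Escaping would be
// the wrong fix; the set of valid sort keys is known, so an allowlist is right.
function sortDatabasesSafe(array $dbs, string $sort_by): array
{
    $allowed = ['SCHEMA_NAME', 'SCHEMA_TABLES'];
    if (!in_array($sort_by, $allowed, true)) {
        throw new InvalidArgumentException('sort_by is not a known column');
    }
    usort($dbs, function (array $a, array $b) use ($sort_by): int {
        return strnatcasecmp((string) $a[$sort_by], (string) $b[$sort_by]);
    });
    return $dbs;
}

// Normal use: sort by name, then by table count.
print_r(array_column(sortDatabasesSafe($databases, 'SCHEMA_NAME'), 'SCHEMA_NAME'));
print_r(array_column(sortDatabasesSafe($databases, 'SCHEMA_TABLES'), 'SCHEMA_NAME'));

// Hostile value containing a double quote, which in the unsafe version would
// end the string literal. The allowlist rejects it before anything is compiled.
try {
    sortDatabasesSafe($databases, 'x"]); attacker_code(); //');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

When auditing for this class, search the application for create_function, eval and preg_replace with the /e modifier, and trace every string argument back to its origin; any path from $_GET or $_POST into one of those calls without an allowlist in between is the same bug.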

SOLUTION: Update to version 2.11.9.1.

PROVIDED AND/OR DISCOVERED BY: Norman Hippert

ORIGINAL ADVISORY: PMASA-2008-7: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7

Norman Hippert: http://fd.the-wildcat.de/pma_e36a091q11.php


This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3451