phpMyAdmin Multiple Vulnerabilities

Posted on Wednesday, July 06, 2011 @ 04:17:32 CEST in Security
by Raven



CRITICALITY: Highly Critical

RELEASE DATE: 2011-07-06

DESCRIPTION: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information and by malicious users and malicious people to compromise a vulnerable system. The vulnerabilities are reported in versions prior to and

NOTE: A weakness in setup scripts, which could lead to arbitrary PHP code injection if session variables are overwritten has also been reported.
1) An error within the "Swekey_login()" function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code.

2) Input passed to the "PMA_createTargetTables()" function in libraries/server_synchronize.lib.php is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code via URL-encoded NULL bytes.

3) Input passed to the "PMA_displayTableBody()" function in libraries/display_tbl.lib.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.

SOLUTION: Update to version or

PROVIDED AND/OR DISCOVERED BY: The vendor credits Frans Pehrson, Xxor AB.

click Related        click Share
Associated Topics

News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 373,064,502
  • Today: 68,340
Server InfoServer Info
  • Dec 11, 2018
  • 05:16 pm CET