Lucene search
GoogleOSV:DSA-1557-1HistoryApr 24, 2008 - 12:00 a.m.
phpmyadmin - several vulnerabilities
2008-04-2400:00:00
Google
osv.dev
13
EPSS
0.003
Percentile
70.7%
Several remote vulnerabilities have been discovered in phpMyAdmin,
an application to administrate MySQL over the WWW. The Common
Vulnerabilities and Exposures project identifies the following problems:
- CVE-2008-1924
Attackers with CREATE table permissions were allowed to read
arbitrary files readable by the webserver via a crafted
HTTP POST request. - CVE-2008-1567
The PHP session data file stored the username and password of
a logged in user, which in some setups can be read by a local
user. - CVE-2008-1149
Cross site scripting and SQL injection were possible by attackers
that had permission to create cookies in the same cookie domain
as phpMyAdmin runs in.
For the stable distribution (etch), these problems have been fixed in
version 4:2.9.1.1-7.
For the unstable distribution (sid), these problems have been fixed in
version 4:2.11.5.2-1.
We recommend that you upgrade your phpmyadmin package.
References
Related
openvas
openvas
Debian Security Advisory DSA 1557-1 (phpmyadmin)
2008-04-30 00:00:00
Debian: Security Advisory (DSA-1557-1)
2008-04-30 00:00:00
Gentoo Security Advisory GLSA 200805-02 (phpmyadmin)
2008-09-24 00:00:00
securityvulns
securityvulns
nessus
nessus
Debian DSA-1557-1 : phpmyadmin - insufficient input sanitising
2008-04-28 00:00:00
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5781)
2008-11-18 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)
2009-07-21 00:00:00
debian
debian
[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities
2008-04-24 20:32:28
redhatcve
redhatcve
CVE-2008-1924
2019-10-04 19:49:05
CVE-2008-1567
2019-10-04 19:40:39
prion
prion
Design/Logic Flaw
2008-04-23 16:05:00
Cross site request forgery (csrf)
2008-03-04 23:44:00
Information disclosure
2008-03-31 22:44:00
nvd
nvd
phpmyadmin
phpmyadmin
Credentials disclosure on shared hosts via session data
2008-03-29 00:00:00
File disclosure on shared hosts via a crafted HTTP POST request.
2008-04-22 00:00:00
SQL injection vulnerability (Delayed Cross Site Request Forgery)
2008-03-01 00:00:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
cvelist
cvelist
gentoo
gentoo
phpMyAdmin: Information disclosure
2008-05-05 00:00:00
phpMyAdmin: SQL injection vulnerability
2008-03-09 00:00:00
freebsd
freebsd
phpmyadmin -- Shared Host Information Disclosure
2008-04-23 00:00:00
phpmyadmin -- SQL injection vulnerability
2008-03-01 00:00:00
phpmyadmin -- Username/Password Session File Information Disclosure
2008-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.5.1-1.fc8
2008-04-01 21:34:55
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5.1-1.fc7
2008-04-01 21:39:15