Lucene search
RootSSV:12512HistoryOct 22, 2009 - 12:00 a.m.
phpMyAdmin SQL注入和跨站脚本漏洞
2009-10-2200:00:00
Root
www.seebug.org
24
EPSS
0.005
Percentile
77.1%
BUGTRAQ ID: 36658
CVE ID: CVE-2009-3697,CVE-2009-3696
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin没有正确地过滤对MySQL表格名称所提交的输入参数,远程攻击者可以通过提交恶意请求执行存储式跨站脚本攻击,并在用户浏览恶意数据时执行所注入的HTML和脚本代码;此外phpMyAdmin还没有正确地过滤提交给PDF schema生成器功能的各种参数,远程攻击者可以通过提交恶意请求执行SQL注入攻击。
phpMyAdmin 3.x
phpMyAdmin 2.11.x
厂商补丁:
phpMyAdmin
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:274 (phpmyadmin)
2009-10-19 00:00:00
Debian: Security Advisory (DSA-1918-1)
2009-10-27 00:00:00
nessus
nessus
phpMyAdmin < 2.11.9.6 / 3.x < 3.2.2.1 Multiple Vulnerabilities
2009-10-15 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-1416)
2009-10-23 00:00:00
Debian DSA-1918-1 : phpmyadmin - several vulnerabilities
2010-02-24 00:00:00
phpmyadmin
phpmyadmin
XSS and SQL injection vulnerabilities
2009-10-13 00:00:00
osv
osv
phpmyadmin - several vulnerabilities
2009-10-25 00:00:00
phpMyAdmin Cross-site Scripting In MySQL Table Name
2022-05-02 03:47:43
debian
debian
[SECURITY] [DSA 1918-1] New phpmyadmin packages fix several vulnerabilities
2009-10-25 12:00:02
freebsd
freebsd
phpmyadmin -- XSS and SQL injection vulnerabilities
2009-10-13 00:00:00
cvelist
cvelist
CVE-2009-3697
2009-10-16 16:00:00
CVE-2009-3696
2009-10-16 16:00:00
debiancve
debiancve
CVE-2009-3697
2009-10-16 16:30:00
CVE-2009-3696
2009-10-16 16:30:00
ubuntucve
ubuntucve
CVE-2009-3696
2009-10-16 00:00:00
CVE-2009-3697
2009-10-16 00:00:00
prion
prion
Cross site scripting
2009-10-16 16:30:00
Sql injection
2009-10-16 16:30:00
redhatcve
redhatcve
CVE-2009-3697
2019-10-04 22:18:57
CVE-2009-3696
2019-10-04 22:18:58
nvd
nvd
CVE-2009-3696
2009-10-16 16:30:00
CVE-2009-3697
2009-10-16 16:30:00
cve
cve
CVE-2009-3696
2009-10-16 16:30:00
CVE-2009-3697
2009-10-16 16:30:00
github
github
phpMyAdmin Cross-site Scripting In MySQL Table Name
2022-05-02 03:47:43