Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:18972
HistoryJan 21, 2010 - 12:00 a.m.

phpMyAdmin unserialize()调用跨站请求伪造漏洞

2010-01-2100:00:00
Root
www.seebug.org
14

EPSS

0.008

Percentile

81.4%

JSON

BUGTRAQ ID: 37861
CVE(CAN) ID: CVE-2009-4605

phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。

phpMyAdmin使用了传送给scripts/setup.php脚本的configuration和v[0]输入参数来调用unserialize函数,远程攻击者可以通过提交恶意请求执行跨站请求伪造攻击,以其他用户的权限执行任意指令。

phpMyAdmin 2.11.x
厂商补丁:

phpMyAdmin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.phpmyadmin.net/

Related

nessus 4
prion 1
debiancve 1
cve 1
phpmyadmin 1
openvas 3
nvd 1
ubuntucve 1
cvelist 1
osv 1
debian 1
nessus
nessus
phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)
2010-01-27 00:00:00
phpMyAdmin < 2.11.10 Multiple Vulnerabilities
2010-01-20 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-1801)
2010-01-18 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-01-19 16:30:00
debiancve
debiancve
CVE-2009-4605
2010-01-19 16:30:00
cve
cve
CVE-2009-4605
2010-01-19 16:30:00
phpmyadmin
phpmyadmin
Unsafe usage of unserialize function.
2010-01-15 00:00:00
openvas
openvas
phpMyAdmin 'unserialize()' RCE Vulnerability
2010-04-20 00:00:00
Debian Security Advisory DSA 2034-1 (phpmyadmin)
2010-05-04 00:00:00
Debian: Security Advisory (DSA-2034-1)
2010-05-04 00:00:00
nvd
nvd
CVE-2009-4605
2010-01-19 16:30:00
ubuntucve
ubuntucve
CVE-2009-4605
2010-01-19 00:00:00
cvelist
cvelist
CVE-2009-4605
2010-01-19 16:00:00
osv
osv
phpmyadmin - several vulnerabilities
2010-04-17 00:00:00
debian
debian
[SECURITY] [DSA 2034-1] New phpmyadmin packages fix several vulnerabilities
2010-04-17 12:35:52

EPSS

0.008

Percentile

81.4%

JSON
Related for SSV:18972
nessus4prion1debiancve1cve1phpmyadmin1openvas3nvd1ubuntucve1cvelist1osv1debian1