Lucene search
RootSSV:5058HistoryApr 16, 2009 - 12:00 a.m.
phpMyAdmin配置文件PHP代码注入漏洞
2009-04-1600:00:00
Root
www.seebug.org
28
EPSS
0.029
Percentile
90.9%
BUGTRAQ ID: 34526
CVE(CAN) ID: CVE-2009-1285
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin所使用的setup脚本没有正确地过滤配置参数,如果远程攻击者向服务器提交了恶意的POST请求,就可以在所生成的配置文件中注入任意PHP代码。
phpMyAdmin phpMyAdmin 3.x
phpMyAdmin phpMyAdmin 2.11.x
phpMyAdmin
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12342” target=“_blank”>http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12342</a>
<a href=“http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12348” target=“_blank”>http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12348</a>
Related
openvas
openvas
Fedora Core 10 FEDORA-2009-3700 (phpMyAdmin)
2009-04-20 00:00:00
FreeBSD Ports: phpMyAdmin
2009-04-20 00:00:00
FreeBSD Ports: phpMyAdmin
2009-04-20 00:00:00
nessus
nessus
phpMyAdmin Setup Script Configuration Parameters Arbitrary PHP Code Injection (PMASA-2009-4)
2009-04-16 00:00:00
Fedora 10 : phpMyAdmin-3.1.3.2-1.fc10 (2009-3700)
2009-04-23 00:00:00
cve
cve
CVE-2009-1285
2009-04-16 15:12:57
nvd
nvd
CVE-2009-1285
2009-04-16 15:12:57
cvelist
cvelist
CVE-2009-1285
2009-04-16 15:00:00
ubuntucve
ubuntucve
CVE-2009-1285
2009-04-16 00:00:00
phpmyadmin
phpmyadmin
Insufficient output sanitizing when generating configuration file.
2009-04-14 00:00:00
debiancve
debiancve
CVE-2009-1285
2009-04-16 15:12:57
prion
prion
Code injection
2009-04-16 15:12:00
seebug
seebug
CVE-2009-1285: phpMyAdmin Code Injection
2009-04-25 00:00:00
freebsd
freebsd
redhatcve
redhatcve
CVE-2009-1285
2019-10-04 21:36:54