oss-sec mailing list archives
phpMyAdmin code execution (CVE request)
From: Thijs Kinkhorst <thijs () debian org>
Date: Mon, 15 Sep 2008 20:50:37 +0200
Hi all, "- (2.11.9.1) [security] Code execution vulnerability" http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1 "Welcome to this security update for phpMyAdmin 2.11.9. Details will follow on http://phpmyadmin.net." http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html Attached patch is the fix from upstream. Judging from that (no other information is available yet), an authenticated user can supply a crafted sort_by parameter to server_databases.php, which will be turned in to executed PHP code because it is passed into create_function(). It is present at least since 2.9.1. I would like to have a CVE id to refer to this issue. Thijs
Attachment:
pma_codeexecution.diff
Description:
Attachment:
_bin
Description:
Current thread:
- phpMyAdmin code execution (CVE request) Thijs Kinkhorst (Sep 15)
- Re: phpMyAdmin code execution (CVE request) Steven M. Christey (Sep 15)