Gentoo Linux Security Advisory 201311-2 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote authenticated attackers to execute arbitrary code, inject SQL code or conduct other attacks. Versions less than 4.0.5 are affected.
bdc5fc2fd976e67643d39f9d1d11505fb74cb58060d3a64f0597fbc5774c8c45Mandriva Linux Security Advisory 2013-160 - An updated phpmyadmin package fixes multiple security vulnerabilities. In some PHP versions, the preg_replace function can be tricked into executing arbitrary PHP code on the server. This is done by passing a crafted argument as the regular expression, containing a null byte. phpMyAdmin does not correctly sanitize an argument passed to preg_replace when using the Replace table prefix feature, opening the way to this vulnerability. phpMyAdmin can be configured to save an export file on the web server, via its SaveDir directive. With this in place, it's possible, either via a crafted filename template or a crafted table name, to save a double extension file like foobar.php.sql. In turn, an Apache webserver on which there is no definition for the MIME type sql will treat this saved file as a.php script, leading to remote code execution.
768d3d828b28c886594ff7bb01ff35caab0c6b267c92575a346fdf2e220d098bThis Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.
cde46aba3bb442a48c277780f2ae183ec296c40bdbad1fb176830924a1405679phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.
5f5b20d982ae97824512b1c23808b9c17b328dae83d316eee98cdebbab52a1c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed