|
-
September 17th, 2008, 06:45 PM
#1
Alert: phpMyAdmin Vulnerability Discovered
FYI MySQL devs/admins. Looks like phpMyAdmin 2.11.9.0 and 3.0.0 RC1 have a pretty serious vulnerability. Upgrade today!
Serious vulnerability in phpMyAdmin [Update] - Heise Security
The advisory released by the phpMyAdmin developers stated the problem was that parameters of sort_by were not escaped and an attacker, if they were already logged in, could manipulate this to call the PHP exec function and run arbitrary code. The vulnerability was discovered by Norman Hippert in 3.0.0 RC1 initially, and checking showed that previous versions were also affected.
Similar Threads
-
By therenegade in forum Web Security
Replies: 13
Last Post: April 1st, 2005, 09:03 AM
-
By mohaughn in forum Microsoft Security Discussions
Replies: 2
Last Post: October 13th, 2004, 04:31 AM
-
By spools.exe in forum Microsoft Security Discussions
Replies: 0
Last Post: September 15th, 2003, 09:47 PM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: January 28th, 2003, 09:12 PM
-
By xmaddness in forum Microsoft Security Discussions
Replies: 1
Last Post: May 8th, 2002, 01:34 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote