Date: Mon, 15 Sep 2008 20:50:37 +0200 From: Thijs Kinkhorst <thijs@...ian.org> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: phpMyAdmin code execution (CVE request) Hi all, "- (220.127.116.11) [security] Code execution vulnerability" http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1 "Welcome to this security update for phpMyAdmin 2.11.9. Details will follow on http://phpmyadmin.net." http://www.nabble.com/phpMyAdmin-18.104.22.168-is-released-td19497113.html Attached patch is the fix from upstream. Judging from that (no other information is available yet), an authenticated user can supply a crafted sort_by parameter to server_databases.php, which will be turned in to executed PHP code because it is passed into create_function(). It is present at least since 2.9.1. I would like to have a CVE id to refer to this issue. Thijs View attachment "pma_codeexecution.diff" of type "text/x-diff" (2833 bytes) Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ