Date: Mon, 15 Sep 2008 20:50:37 +0200 From: Thijs Kinkhorst <thijs@...ian.org> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: phpMyAdmin code execution (CVE request) Hi all, "- (22.214.171.124) [security] Code execution vulnerability" http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1 "Welcome to this security update for phpMyAdmin 2.11.9. Details will follow on http://phpmyadmin.net." http://www.nabble.com/phpMyAdmin-126.96.36.199-is-released-td19497113.html Attached patch is the fix from upstream. Judging from that (no other information is available yet), an authenticated user can supply a crafted sort_by parameter to server_databases.php, which will be turned in to executed PHP code because it is passed into create_function(). It is present at least since 2.9.1. I would like to have a CVE id to refer to this issue. Thijs View attachment "pma_codeexecution.diff" of type "text/x-diff" (2833 bytes) Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.