phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
BID:21987
Info
phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
| Bugtraq ID: | 21987 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2007 12:00AM |
| Updated: | Jan 10 2007 08:52PM |
| Credit: | These vulnerabilities were reported by the vendor. |
| Vulnerable: |
phpMyAdmin phpMyAdmin 2.9.1.1 |
| Not Vulnerable: |
phpMyAdmin phpMyAdmin 2.9.2-rc1 |
Discussion
phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
phpMyAdmin is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and other unspecified vulnerabilities.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. Other attacks are also possible.
Version 2.9.1.1 is vulnerable to this issue; other versions may also be affected.
phpMyAdmin is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and other unspecified vulnerabilities.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, or steal cookie-based authentication credentials. Other attacks are also possible.
Version 2.9.1.1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
To exploit the HTML-injection vulnerabilities, an attacker can use a web client.
To exploit the HTML-injection vulnerabilities, an attacker can use a web client.
Solution / Fix
phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
Solution:
The vendor has released version 2.9.2-rc1 to address these issues. Please see the reference section for details.
phpMyAdmin phpMyAdmin 2.9.1.1
Solution:
The vendor has released version 2.9.2-rc1 to address these issues. Please see the reference section for details.
phpMyAdmin phpMyAdmin 2.9.1.1
-
phpMyAdmin phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.2-rc1-all -languages.tar.bz2
References
phpMyAdmin Multiple Unspecified Input Validation Vulnerabilities
References:
References:
- phpMyAdmin Homepage (phpMyAdmin)