Issue date: 2008-06-23
Update date: 2008-07-07
Affected systems:
phpMyAdmin phpMyAdmin < 2.11.7
Unaffected systems:
phpMyAdmin phpMyAdmin 2.11.7
Description:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2008-2960
phpMyAdmin is a tool written in PHP for managing MySQL over the web.
If PHP's register_globals setting is on and the server does not apply the .htaccess configuration in /libraries, a remote attacker can submit a malicious request to phpMyAdmin to carry out a cross-site scripting attack, leading to the execution of arbitrary code.
<* Source: Tim Starling
Link: http://secunia.com/advisories/30813
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4
*>
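The description above names three conditions: a release older than 2.11.7, register_globals on, and no effective .htaccess protection for /libraries. The following check for them is an added example, not code from phpMyAdmin or from the advisory. The function names and sample inputs are constructed, and it assumes the .htaccess protection takes the form of a deny-all rule.

```python
import re

FIXED = (2, 11, 7)  # first unaffected release according to the advisory

# Constructed sample inputs, not taken from a real server.
SAMPLE_INI = "[PHP]\n; register_globals = Off\nregister_globals = On ; legacy app\n"
SAMPLE_HTACCESS = "# protect include files\nOrder allow,deny\nDeny from all\n"

def register_globals_on(php_ini):
    """Effective register_globals value in php.ini text; the last assignment wins."""
    value = "off"  # PHP's built-in default when the directive is absent
    for line in php_ini.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r'register_globals\s*=\s*"?(\w+)"?$', line, re.I)
        if m:
            value = m.group(1).lower()
    return value in ("on", "1", "true", "yes")

def libraries_denied(htaccess):
    """True if the .htaccess text holds a deny-all rule (assumed form of the protection)."""
    if htaccess is None:  # file missing from /libraries
        return False
    for line in htaccess.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if re.fullmatch(r"deny\s+from\s+all", line) or \
           re.fullmatch(r"require\s+all\s+denied", line):
            return True
    return False

def parse_version(text):
    """'2.11.6' -> (2, 11, 6); only the first three numeric parts are compared."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:3])

def exposed(version, php_ini, htaccess):
    """All three conditions from the advisory must hold at the same time."""
    return (parse_version(version) < FIXED
            and register_globals_on(php_ini)
            and not libraries_denied(htaccess))

if __name__ == "__main__":
    print("2.11.6, no .htaccess:", exposed("2.11.6", SAMPLE_INI, None))
    print("2.11.6, deny-all rule:", exposed("2.11.6", SAMPLE_INI, SAMPLE_HTACCESS))
    print("2.11.7, no .htaccess:", exposed("2.11.7", SAMPLE_INI, None))
```

A deny-all rule in the file only takes effect if the web server is configured to honour .htaccess files for that directory, which this check cannot see from the file contents alone.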
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
phpMyAdmin
----------
The vendor has released a patch that fixes this security issue. It can be downloaded from the vendor's site:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11326