Bug 20402

Summary: Multiple vulnerabilities: CVE-2009-1148, CVE-2009-1149, CVE-2009-1150, CVE-2009-1285
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: phpMyAdmin Assignee: drool <drool>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: drool, vvk
Version: unstable Keywords: security
Hardware: all   
OS: Linux   
URL: http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
Bug Depends on: 22408    
Bug Blocks:    

Description Vladimir Lettiev 2009-06-10 10:37:17 MSD
Multiple security issues have been found in phpMyAdmin:

PMASA-2009-1 - The BLOB streaming feature allowed an attacker to include arbitrary files and inject HTTP headers using crafted URL parameters.
PMASA-2009-2 - Cross-site scripting on export page using cookies.
PMASA-2009-3, PMASA-2009-4 - Insufficient output sanitizing when generating configuration file.

The fix is available in versions >= 3.1.3.2 (currently that is 3.1.5).
Comment 1 Dmitriy Kulik 2009-12-25 11:18:18 MSK
Fixed