漏洞信息详情

phpMyAdmin共享主机远程信息泄露漏洞

• CNNVD编号：CNNVD-200804-347
• 危害等级： 中危
  
• CVE编号： CVE-2008-1924
• 漏洞类型： 信息泄露
• 发布时间： 2008-04-23
• 威胁类型： 远程
• 更新时间： 2009-02-20
• 厂        商： phpmyadmin
• 漏洞来源： Cezary Tomczak

漏洞简介

phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。

phpMyAdmin实现上存在未明漏洞。远程攻击者能够访问共享主机的话，就可以通过向phpMyAdmin发送特制的HTTP POST请求导致泄露敏感信息。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

phpMyAdmin phpMyAdmin 2.10.0.1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.10.0.1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.7.0-pl2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.9.0.3

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.10.0.2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.11.2.2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.9.2-rc1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.11.1.1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.9.1.1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.11.2.1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.0

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.0.2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.0.3

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.0.4

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.0.5

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.1 .2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.11.4

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.11.5

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.5.4

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.5.5

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.5.5 pl1

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin phpMyAdmin 2.5.5 -rc2

phpMyAdmin phpMyAdmin-2.11.5.2-all-languages.tar.gz

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5.2-all- languages.tar.gz?download

phpMyAdmin

参考网址

来源: BID

名称: 28906

链接:http://www.securityfocus.com/bid/28906

来源: XF

名称: phpmyadmin-unspecified-info-disclosure(41964)

链接:http://xforce.iss.net/xforce/xfdb/41964

来源: www.phpmyadmin.net

链接:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3

来源: MANDRIVA

名称: MDVSA-2008:131

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:131

来源: VUPEN

名称: ADV-2008-1328

链接:http://www.frsirt.com/english/advisories/2008/1328/references

来源: DEBIAN

名称: DSA-1557

链接:http://www.debian.org/security/2008/dsa-1557

来源: GENTOO

名称: GLSA-200805-02

链接:http://security.gentoo.org/glsa/glsa-200805-02.xml

来源: SECUNIA

名称: 33822

链接:http://secunia.com/advisories/33822

来源: SECUNIA

名称: 32834

链接:http://secunia.com/advisories/32834

来源: SECUNIA

名称: 30816

链接:http://secunia.com/advisories/30816

来源: SECUNIA

名称: 30034

链接:http://secunia.com/advisories/30034

来源: SECUNIA

名称: 29964

链接:http://secunia.com/advisories/29964

来源: SECUNIA

名称: 29944

链接:http://secunia.com/advisories/29944

来源: SUSE

名称: SUSE-SR:2009:003

链接:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.HTML

来源: SUSE

名称: SUSE-SR:2008:026

链接:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.HTML

受影响实体

• Phpmyadmin Phpmyadmin:2.11.5.1  
• Phpmyadmin Phpmyadmin:2.11.6rc1  
• Phpmyadmin Phpmyadmin:2.11.5  
• Phpmyadmin Phpmyadmin:2.11.4rc1  
• Phpmyadmin Phpmyadmin:2.11.4  

补丁

暂无