漏洞信息详情
phpMyAdmin SQL书签HTML注入漏洞
- CNNVD编号:CNNVD-200907-017
- 危害等级: 中危
- CVE编号: CVE-2009-2284
- 漏洞类型: 跨站脚本
- 发布时间: 2009-06-30
- 威胁类型: 远程
- 更新时间: 2009-08-07
- 厂 商: phpmyadmin
- 漏洞来源: Sven Vetsch admin@...
漏洞简介
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin没有正确地过滤某些对SQL书签所传送的输入,远程攻击者可以通过提交恶意请求注入并执行任意HTML和脚本代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
MandrakeSoft Enterprise Server 5
Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm
http://www.mandriva.com/en/download/
phpMyAdmin phpMyAdmin 3.1.3.2
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0.1.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
MandrakeSoft Enterprise Server 5 x86_64
Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm
http://www.mandriva.com/en/download/
phpMyAdmin phpMyAdmin 3.1.3.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.2.0-rc1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1 0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1.1 1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1.1 0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
参考网址
来源: www.phpmyadmin.net
链接:http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php
来源: FEDORA
名称: FEDORA-2009-7329
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.HTML
来源: FEDORA
名称: FEDORA-2009-7340
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.HTML
来源: FEDORA
名称: FEDORA-2009-7337
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.HTML
来源: MANDRIVA
名称: MDVSA-2009:192
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:192
来源: SECUNIA
名称: 35715
链接:http://secunia.com/advisories/35715
来源: SECUNIA
名称: 35649
链接:http://secunia.com/advisories/35649
受影响实体
- Phpmyadmin Phpmyadmin:3.2.0
- Phpmyadmin Phpmyadmin:3.2.0-Rc1
- Phpmyadmin Phpmyadmin:3.2.0-Beta1
- Phpmyadmin Phpmyadmin:3.1.5
- Phpmyadmin Phpmyadmin:3.1.4
补丁
暂无
评论