Current time: 12-24-2024, 12:49 PM Hello There, Guest! (LoginRegister)


Post Reply 
phpMyAdmin update
Author Message
Kika Offline
Member
***

Posts: 293
Joined: Feb 2007
Reputation: 8
Post: #1
phpMyAdmin update
http://www.phpmyadmin.net/home_page/secu...ASA-2008-7
Quote:phpMyAdmin security announcement PMASA-2008-7

Announcement-ID: PMASA-2008-7
Date: 2008-09-15
Updated: 2008-09-17 (CVE id)

Summary:
Code execution vulnerability

Description:
We received an advisory from Norman Hippert and we wish to thank him for his work. The server_databases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code (if the PHP configuration permits commands like exec).

Severity:
We consider this vulnerability to be serious.

Affected versions:
Versions before 2.11.9.1.

Solution:
Upgrade to phpMyAdmin 2.11.9.1 or newer.
References:

http://fd.the-wildcat.de/pma_e36a091q11.php
http://cve.mitre.org/cgi-bin/cvename.cgi...-2008-4096
In case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
09-19-2008 04:12 PM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #2
RE: phpMyAdmin update
Already done by RatS on 16.09 --> http://www.isp-control.net/ispcp/changeset/1352

Greez BeNe
09-19-2008 04:19 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Kika Offline
Member
***

Posts: 293
Joined: Feb 2007
Reputation: 8
Post: #3
RE: phpMyAdmin update
Smile Thanks
09-19-2008 04:39 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)