|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
phpMyAdmin contains a flaw that may allow a remote malicious user to execute arbitrary commands. The issue arises due to the eval() function not properly checking input within tbl_copy.php which can be exploited by sending a specially crafted URL to the page. It is possible that the flaw may allow remote execution of arbitrary commands within the permissions context of the web server's user and group. This could result in a loss of system integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Upgrade to phpMyAdmin version 2.2.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:
Comment out the eval() function within tbl_copy.php, as there are no call's made to the eval() function at any point within the script.
|
|
Products |
|
phpMyAdmin
 |
2.2.0 RC3 |
2.2.0 RC2 |
2.2.0 RC1 |
2.2.0 pre2 |
2.2.0 pre1 |
2.1.x |
2.0.x |
|
|
|
|
|
Credit |
- Carl Livitt - carl
 ititc.com -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
