Luisyana

#16014de 53,635
16.8CVSS total
Vulnerabilidades · 3
Média
2
Alta
1
PT-2009-3709
5.0
2009-03-26
Phpmyadmin · Phpmyadmin · CVE-2009-1148
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 3.1.3.1 **Description** The issue allows remote attackers to read arbitrary files via directory traversal sequences in the `file path` parameter (`$filename` variable) in the BLOB streaming feature. This is due to a directory traversal vulnerability in the `bs disp as mime type.php` file. **Recommendations** For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bs disp as mime type.php` file to minimize the risk of exploitation. Avoid using the `file path` parameter in the affected feature until the issue is resolved.
PT-2009-3710
7.5
2009-03-26
Phpmyadmin · Phpmyadmin · CVE-2009-1149
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 3.1.3.1 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. This is achieved through the `c type` and possibly the `file type` parameters in the BLOB streaming feature. **Recommendations** For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bs disp as mime type.php` file to minimize the risk of exploitation. Avoid using the `c type` and `file type` parameters in the affected API endpoint until the issue is resolved.
PT-2009-3711
4.3
2009-03-26
Phpmyadmin · Phpmyadmin · CVE-2009-1150
**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 2.11.x through 2.11.9.4 phpMyAdmin versions 3.x through 3.1.3.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `pma db filename template` cookie in the export page, specifically in the display export.lib.php file. This is a case of cross-site scripting (XSS) vulnerabilities. **Recommendations** For phpMyAdmin versions 2.11.x through 2.11.9.4, update to version 2.11.9.5 or later. For phpMyAdmin versions 3.x through 3.1.3.0, update to version 3.1.3.1 or later. As a temporary workaround, consider restricting access to the export page or disabling the use of the `pma db filename template` cookie until a patch is available.