CVE-2009-1149

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 3.1.3.1

Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. This is achieved through the c type and possibly the file type parameters in the BLOB streaming feature.

Recommendations For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the bs disp as mime type.php file to minimize the risk of exploitation. Avoid using the c type and file type parameters in the affected API endpoint until the issue is resolved.