CNNVD-ID编号 | CNNVD-200907-017 |
CVE编号 | CVE-2009-2284 |
发布时间 | 2009-06-30 |
更新时间 | 2009-08-07 |
漏洞类型 | 跨站脚本 |
漏洞来源 | Sven Vetsch admin@disenchant.ch |
危险等级 | 中危 |
威胁类型 | 远程 |
厂 商 | phpmyadmin |
phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。
phpMyAdmin没有正确地过滤某些对SQL书签所传送的输入,远程攻击者可以通过提交恶意请求注入并执行任意HTML和脚本代码。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
MandrakeSoft Enterprise Server 5
Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm
http://www.mandriva.com/en/download/
phpMyAdmin phpMyAdmin 3.1.3.2
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0.1.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
MandrakeSoft Enterprise Server 5 x86_64
Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm
http://www.mandriva.com/en/download/
phpMyAdmin phpMyAdmin 3.1.3.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.2.0-rc1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.0.1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1 0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1.1 1
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
phpMyAdmin phpMyAdmin 3.1.1 0
phpMyAdmin phpMyAdmin 3.2.0.1
http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468
来源: www.phpmyadmin.net
链接:http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php
来源: FEDORA
名称: FEDORA-2009-7329
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html
来源: FEDORA
名称: FEDORA-2009-7340
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.html
来源: FEDORA
名称: FEDORA-2009-7337
链接:https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.html
来源: MANDRIVA
名称: MDVSA-2009:192
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:192
来源: SECUNIA
名称: 35715