phpMyAdmin SQL书签HTML注入漏洞

CNNVD-ID编号	CNNVD-200907-017
CVE编号	CVE-2009-2284
发布时间	2009-06-30
更新时间	2009-08-07
漏洞类型	跨站脚本
漏洞来源	Sven Vetsch admin@disenchant.ch
危险等级	中危
威胁类型	远程
厂商	phpmyadmin

漏洞介绍

phpMyAdmin是用PHP编写的工具，用于通过WEB管理MySQL。

phpMyAdmin没有正确地过滤某些对SQL书签所传送的输入，远程攻击者可以通过提交恶意请求注入并执行任意HTML和脚本代码。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

MandrakeSoft Enterprise Server 5

Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm

http://www.mandriva.com/en/download/

phpMyAdmin phpMyAdmin 3.1.3.2

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.0.1.1

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

MandrakeSoft Enterprise Server 5 x86_64

Mandriva phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm

http://www.mandriva.com/en/download/

phpMyAdmin phpMyAdmin 3.1.3.1

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.2.0-rc1

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.0

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.0.1

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.1 0

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.1.1 1

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

phpMyAdmin phpMyAdmin 3.1.1 0

phpMyAdmin phpMyAdmin 3.2.0.1

http://sourceforge.net/project/showfiles.php?group_id=23067&package_id =16462&release_id=693468

参考网址

来源: www.phpmyadmin.net

链接：http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php
来源: FEDORA

名称: FEDORA-2009-7329

链接：https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html
来源: FEDORA

名称: FEDORA-2009-7340

链接：https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00152.html
来源: FEDORA

名称: FEDORA-2009-7337

链接：https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00150.html
来源: MANDRIVA

名称: MDVSA-2009:192

链接：http://www.mandriva.com/security/advisories?name=MDVSA-2009:192
来源: SECUNIA

名称: 35715

链接：http://secunia.com/advisories/35715

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-017

行业资讯-文章归档问答-问答归档