FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- multiple vulnerabilities

Affected packages
phpMyAdmin < 3.4.3.1

Details

VuXML ID 7e4e5c53-a56c-11e0-b180-00216aa06fc2
Discovery 2011-07-02
Entry 2011-07-03
Modified 2011-07-28

The phpMyAdmin development team reports:

It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks.

[source]

An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifying the SESSION superglobal array. This allows the attacker to close the comment and inject code.

[source]

Through a possible bug in PHP running on Windows systems a NULL byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code.

[source]

Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal.

[source]

References

CVE Name CVE-2011-2505
CVE Name CVE-2011-2506
CVE Name CVE-2011-2507
CVE Name CVE-2011-2508
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.