phpMyAdmin Multiple Vulnerabilities
Am Wednesday, 6. Jul 2011 im Topic 'Vulnerabilities'
Software:
phpMyAdmin 3.x
1) An error within the "Swekey_login()" function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code.
2) Input passed to the "PMA_createTargetTables()" function in libraries/server_synchronize.lib.php is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code via URL-encoded NULL bytes.
3) Input passed to the "PMA_displayTableBody()" function in libraries/display_tbl.lib.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.
NOTE: A weakness in setup scripts, which could lead to arbitrary PHP code injection if session variables are overwritten.
The vulnerabilities in versions prior to 3.3.10.2 and 3.4.3.1.
phpMyAdmin 3.x
1) An error within the "Swekey_login()" function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code.
2) Input passed to the "PMA_createTargetTables()" function in libraries/server_synchronize.lib.php is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code via URL-encoded NULL bytes.
3) Input passed to the "PMA_displayTableBody()" function in libraries/display_tbl.lib.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.
NOTE: A weakness in setup scripts, which could lead to arbitrary PHP code injection if session variables are overwritten.
The vulnerabilities in versions prior to 3.3.10.2 and 3.4.3.1.
