[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

phpmyadmin security update

Package        : phpmyadmin
Version        : 4:3.3.7-8
CVE ID         : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003

Several vulnerabilities have been discovered in phpMyAdmin, a tool to
administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:


    Authenticated users could execute arbitrary code, when a SaveDir
    directory is configured and Apache HTTP Server has the mod_mime
    module enabled, by employing double filename extensions.


    Authenticatd users could inject arbitrary web script or HTML
    via a crafted SQL query.


    Cross site scripting was possible via a crafted logo URL in
    the navigation panel or a crafted entry in the Trusted Proxy list.


    Authenticated users could execute arbitrary SQL commands as
    the phpMyAdmin 'control user' via the scale parameter of PMD PDF

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: