CVE-2009-1285: Insufficient output sanitizing when generating configuration file
Bug #392324 reported by Micah Gersten
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
phpmyadmin (Ubuntu) | Invalid | Medium | Unassigned | |
Jaunty | Fix Released | Medium | Marc Deslauriers | |
Karmic | Invalid | Medium | Unassigned | |
Bug Description
Binary package hint: phpmyadmin
http://
The setup script used to generate the configuration can be fooled, using a crafted POST request, into including arbitrary PHP code in the generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code. This issue is on different parameters than PMASA-2009-3, and it stayed off our radar because it did not exist in the 2.11.x branch.
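One way a configuration generator can keep request data from becoming code, shown as an added example (it is not phpMyAdmin's code or the upstream fix). The function names, the `$cfg` layout and the key allowlist are assumptions; the sample input is constructed.

```php
<?php
// Added example, not phpMyAdmin code; function names and the key policy are assumptions.

/** Accept only simple identifiers as configuration keys (assumed policy). */
function is_safe_key($key): bool
{
    return is_string($key) && preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/D', $key) === 1;
}

/** Render untrusted settings as PHP source; var_export() emits each scalar as a valid literal. */
function render_config(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $key => $value) {
        if (!is_safe_key($key)) {
            throw new InvalidArgumentException('rejected configuration key');
        }
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("rejected non-scalar value for $key");
        }
        $out .= '$cfg[' . var_export($key, true) . '] = ' . var_export($value, true) . ";\n";
    }
    return $out;
}

/** Tokenise generated source; list tokens a strings-only config should never contain. */
function unexpected_tokens(string $php): array
{
    $allowed = [T_OPEN_TAG, T_VARIABLE, T_CONSTANT_ENCAPSED_STRING, T_WHITESPACE];
    $found = [];
    foreach (token_get_all($php) as $tok) {
        if (is_array($tok) && !in_array($tok[0], $allowed, true)) {
            $found[] = token_name($tok[0]);
        }
    }
    return $found;
}

// Constructed input: a value carrying quote, backslash and PHP tag characters.
$posted = ['verbose' => "it's a \\ test ?> <?php constructed", 'host' => 'localhost'];
$file = render_config($posted);
echo $file;
// An empty list means the file holds only assignments of string literals.
var_dump(unexpected_tokens($file) === []);

try {
    render_config(["host']" => 'v']);   // constructed key with metacharacters
} catch (InvalidArgumentException $e) {
    echo "key rejected\n";
}
```

Both the array key and the value are treated as untrusted here, since either one ends up inside the generated source.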
Marking Critical per upstream priority