Candidate: CVE-2011-2507
PublicDate: 2011-07-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2507
Description:
libraries/server_synchronize.lib.php in the Synchronize implementation in
phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly
quote regular expressions, which allows remote authenticated users to
inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute
arbitrary PHP code, by leveraging the ability to modify the SESSION
superglobal array.
Ubuntu-Description:
Notes:
Bugs:
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/806788
Priority: medium
Discovered-by:
Assigned-to:
Patches_phpmyadmin:
upstream_phpmyadmin: released (4:3.4.3.1-1)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
maverick_phpmyadmin: ignored (reached end-of-life)
natty_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: released (4:3.4.3.1-1)
precise_phpmyadmin: released (4:3.4.3.1-1)
quantal_phpmyadmin: released (4:3.4.3.1-1)
raring_phpmyadmin: released (4:3.4.3.1-1)
saucy_phpmyadmin: released (4:3.4.3.1-1)
devel_phpmyadmin: released (4:3.4.3.1-1)