CVE-2009-1285
Published: 16 April 2009
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
Notes
Author | Note |
---|---|
jdstrand | For 2.11.x: versions are not affected. For 3.x: versions before 3.1.3.2. |
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
upstream |
Released
(3.1.3.2)
|
dapper |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
(4:2.11.8.1-1)
|
|
jaunty |
Released
(4:3.1.2-1ubuntu0.1)
|
|
karmic |
Not vulnerable
(4:3.2.0-1)
|
|
Patches: upstream: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12342 upstream: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12348 |