An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpmyadmin
APPPhpmyadmin4.0.04.0.14.0.104.0.10.14.0.10.104.0.10.114.0.10.124.0.10.134.0.10.144.0.10.154.0.10.164.0.10.24.0.10.34.0.10.44.0.10.5+ 45 więcej
Powiązane podatności
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...