Skip to content


phpMyAdmin 3.3.X and 3.4.X 含有注入漏洞

测试过受影响版本 phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7

另3.0也有sql注入漏洞

目前最新稳定版为phpMyAdmin 3.4.10.1 注意升级
http://www.phpmyadmin.net/home_page/downloads.php

参考:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/

Posted in 安全通告.

Tagged with , .


No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.