测试过受影响版本 phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0, 3.4.5, 3.4.7
另3.0也有sql注入漏洞
目前最新稳定版为phpMyAdmin 3.4.10.1 注意升级
http://www.phpmyadmin.net/home_page/downloads.php
参考:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4107
http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/
No Responses (yet)
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.