PHPPGAdmin包含文件任意命令执行漏洞

漏洞信息详情

PHPPGAdmin包含文件任意命令执行漏洞

• CNNVD编号：CNNVD-200106-162
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0479
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2001-06-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  phppgadmin
• 漏洞来源：
  This vulnerability…

phpPgAdmin 2.2.1及其早期版本存在目录遍历漏洞。远程攻击者借助的参数的 .. (点 点)到sql.php脚本执行任意代码。

Patches available:
phpPgAdmin phpPgAdmin 2.2

• phpPgAdmin phpPgAdmin_2-3.tar.gz
  ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
• Secure Reality 2.2.1 phpPgAdmin-SecureReality.diff
  
  http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff

phpPgAdmin phpPgAdmin 2.2.1 pl1

• phpPgAdmin phpPgAdmin_2-3.tar.gz
  ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
• Secure Reality 2.2.1 phpPgAdmin-SecureReality.diff
  
  http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff

phpPgAdmin phpPgAdmin 2.2.1

• phpPgAdmin phpPgAdmin_2-3.tar.gz
  ftp://ftp.greatbridge.org/pub/phppgadmin/stable/phpPgAdmin_2-3.tar.gz
• Secure Reality 2.2.1 phpPgAdmin-SecureReality.diff
  
  http://www.securereality.com.au/patches/phpPgAdmin-SecureReality.diff

来源: BID
名称: 2640
链接:http://www.securityfocus.com/bid/2640

来源: BUGTRAQ
名称: 20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
链接:http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html

来源: www.greatbridge.org
链接:http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13