cvelistv5 - cve-2009-1150

CVE-2009-1150 (GCVE-0-2009-1150)

Vulnerability from cvelistv5 – Published: 2009-03-26 14:00 – Updated: 2024-08-07 05:04

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.phpmyadmin.net/home_page/security/PMAS…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200906-03.xml	vendor-advisoryx_refsource_GENTOO
	http://phpmyadmin.svn.sourceforge.net/viewvc/phpm…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/34251	vdb-entryx_refsource_BID
	http://secunia.com/advisories/34642	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1824	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/34430	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35635	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35585	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:48.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
          },
          {
            "name": "GLSA-200906-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
          },
          {
            "name": "34251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34251"
          },
          {
            "name": "34642",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "name": "DSA-1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1824"
          },
          {
            "name": "SUSE-SR:2009:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "MDVSA-2009:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
          },
          {
            "name": "34430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34430"
          },
          {
            "name": "35635",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35635"
          },
          {
            "name": "35585",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
        },
        {
          "name": "GLSA-200906-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
        },
        {
          "name": "34251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34251"
        },
        {
          "name": "34642",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34642"
        },
        {
          "name": "DSA-1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1824"
        },
        {
          "name": "SUSE-SR:2009:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
        },
        {
          "name": "MDVSA-2009:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
        },
        {
          "name": "34430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34430"
        },
        {
          "name": "35635",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35635"
        },
        {
          "name": "35585",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1150",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php",
              "refsource": "CONFIRM",
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
            },
            {
              "name": "GLSA-200906-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
            },
            {
              "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302",
              "refsource": "CONFIRM",
              "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
            },
            {
              "name": "34251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34251"
            },
            {
              "name": "34642",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34642"
            },
            {
              "name": "DSA-1824",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1824"
            },
            {
              "name": "SUSE-SR:2009:008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
            },
            {
              "name": "MDVSA-2009:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
            },
            {
              "name": "34430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34430"
            },
            {
              "name": "35635",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35635"
            },
            {
              "name": "35585",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-1150",
    "datePublished": "2009-03-26T14:00:00",
    "dateReserved": "2009-03-26T00:00:00",
    "dateUpdated": "2024-08-07T05:04:48.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A98FF47C-8BA8-40E1-98F5-743CAD5DC52A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"346DF9C7-40BE-44FD-BB5A-23F60616E97F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B00F4D78-34C3-4934-8AFA-B7283388B246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B9F52BC-AC6A-41BB-8276-6176FA068929\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDA3305E-CBC2-4469-923F-29EDA0402CB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BC82C85-C9CF-424D-A07A-E841F7AC1904\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0549FC5-B8E8-455D-867B-BAF321DE7004\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01DA6D40-2D3A-4490-B4E6-1367C585ED9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E351CA2-71DB-4025-8477-24DFE5349195\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34AB221E-3DFA-43E4-9DBA-5565F81C0120\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCB774D1-8B5D-4118-8A5B-D7D14D7DE162\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54669C6E-C13B-4602-9CC1-53B24CB897FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"40CE5E7C-A965-492F-AE85-535C3E5F1B17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F8AAB78-8460-43BB-9326-0395F7496EC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2909BBB8-AB67-45DC-BAF0-015CBF97AFD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"52F3DA64-2099-4A4F-9F38-F28255F47BD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E1F897-861F-4E10-8E05-3C0DD60C7979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8CC1C1E-2B8C-4E59-B5ED-ED2957B46743\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5BCF7D-43FC-459C-8564-F0DCDC301FC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA6A75C9-C695-45DF-9526-8DEA506FB21F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03246EF4-F805-4C1C-9E6C-D85AFBD2D168\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE432385-9FC2-4EB3-9770-4CA9A2979019\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EFCA67E-49E1-41FF-8B40-0209FF7893FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF4BA83-50C0-4D90-9755-CC99A0FF987E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE588389-7B4F-4949-BB7A-233C6BE31859\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E709A6B-B580-414B-8CEE-8FF99F8409C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B9AA2E6-CF57-40A1-9A9C-B704D8B009F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DE75CBB-4EC2-4B97-9E86-28BB05DEA30C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A26E7D37-FA99-42EA-8E19-ED2343E8E70A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A982E152-5A20-4A3A-9A98-6CF9EEF9141A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFA11353-1DD1-4593-84E8-1D3CBB2C2166\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB0C19FB-60DF-440F-9A32-B9C62EBA9836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9716FC40-F759-4D24-9604-7A2DB32A8F42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"400E2D41-CB1F-4E5C-B08D-35294F8D1402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F72014B-B168-4FFA-ADDC-86CE84D19681\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"72CD1784-3F48-49B5-A154-61C1F7EC3F61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"278B4EF3-4331-4334-AB55-EC05C069F48A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de ejecuci\\u00f3n de secuencias de comandos en sitios cruzados - XSS - en la p\\u00e1gina de exportaci\\u00f3n (display_export.lib.php) en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1, permite a los atacantes remotos inyectar una secuencia de comandos web o HTML a trav\\u00e9s de la cookie pma_db_filename_template.\"}]",
      "id": "CVE-2009-1150",
      "lastModified": "2024-11-21T01:01:47.097",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-03-26T14:30:00.233",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34430\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34642\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35585\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35635\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200906-03.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1824\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:115\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34251\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34642\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35585\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/35635\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200906-03.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2009/dsa-1824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2009:115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1150\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-26T14:30:00.233\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en la p\u00e1gina de exportaci\u00f3n (display_export.lib.php) en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1, permite a los atacantes remotos inyectar una secuencia de comandos web o HTML a trav\u00e9s de la cookie pma_db_filename_template.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A98FF47C-8BA8-40E1-98F5-743CAD5DC52A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"346DF9C7-40BE-44FD-BB5A-23F60616E97F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00F4D78-34C3-4934-8AFA-B7283388B246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B9F52BC-AC6A-41BB-8276-6176FA068929\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDA3305E-CBC2-4469-923F-29EDA0402CB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BC82C85-C9CF-424D-A07A-E841F7AC1904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0549FC5-B8E8-455D-867B-BAF321DE7004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01DA6D40-2D3A-4490-B4E6-1367C585ED9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E351CA2-71DB-4025-8477-24DFE5349195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34AB221E-3DFA-43E4-9DBA-5565F81C0120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB774D1-8B5D-4118-8A5B-D7D14D7DE162\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54669C6E-C13B-4602-9CC1-53B24CB897FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40CE5E7C-A965-492F-AE85-535C3E5F1B17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8AAB78-8460-43BB-9326-0395F7496EC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2909BBB8-AB67-45DC-BAF0-015CBF97AFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F3DA64-2099-4A4F-9F38-F28255F47BD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E1F897-861F-4E10-8E05-3C0DD60C7979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8CC1C1E-2B8C-4E59-B5ED-ED2957B46743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5BCF7D-43FC-459C-8564-F0DCDC301FC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA6A75C9-C695-45DF-9526-8DEA506FB21F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03246EF4-F805-4C1C-9E6C-D85AFBD2D168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE432385-9FC2-4EB3-9770-4CA9A2979019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EFCA67E-49E1-41FF-8B40-0209FF7893FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF4BA83-50C0-4D90-9755-CC99A0FF987E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE588389-7B4F-4949-BB7A-233C6BE31859\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E709A6B-B580-414B-8CEE-8FF99F8409C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B9AA2E6-CF57-40A1-9A9C-B704D8B009F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DE75CBB-4EC2-4B97-9E86-28BB05DEA30C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A26E7D37-FA99-42EA-8E19-ED2343E8E70A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A982E152-5A20-4A3A-9A98-6CF9EEF9141A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFA11353-1DD1-4593-84E8-1D3CBB2C2166\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0C19FB-60DF-440F-9A32-B9C62EBA9836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9716FC40-F759-4D24-9604-7A2DB32A8F42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400E2D41-CB1F-4E5C-B08D-35294F8D1402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F72014B-B168-4FFA-ADDC-86CE84D19681\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CD1784-3F48-49B5-A154-61C1F7EC3F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"278B4EF3-4331-4334-AB55-EC05C069F48A\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34430\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34642\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35585\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35635\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200906-03.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1824\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:115\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34251\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34642\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35635\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200906-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-PGQX-HCP9-24PQ

Vulnerability from github – Published: 2022-05-02 03:22 – Updated: 2022-05-02 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-26T14:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.",
  "id": "GHSA-pgqx-hcp9-24pq",
  "modified": "2022-05-02T03:22:03Z",
  "published": "2022-05-02T03:22:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1150"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35585"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35635"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1824"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34251"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans phpMyAdmin permettent de réaliser des injections de code indirectes et d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été découvertes dans phpMyAdmin :

la fonctionnalité des flux BLOB permet d'inclure des fichiers distants et d'injecter des entêtes HTTP (PMASA-2009-1). Cette vulnérabilité n'affecte que les versions depuis 3.1.0.0 ;
la page d'export fait appel à des cookies qui peuvent être modifiés de telle sorte à réaliser une attaque de type cross-site scripting (PMASA-2009-2) ;
les scripts d'installation utilisés pour créer le fichier de configuration peuvent être détournés au moyen d'une requête POST afin de provoquer l'inclusion d'un fichier distant (PMASA-2009-3).

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 2.11.x antérieures à 2.11.9.5 ;
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.x antérieures à 3.1.3.1.

References

Title

Publication Time

Tags

Bulletin de sécurité phpMyAdmin PMASA-2009-1 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-2 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-3 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-2 du 24 mars 2009 :	-	other
Bulletin de sécurité phpMyAdmin PMASA-2009-1 du 24 mars 2009 :	-	other
Bulletin de sécurité phpMyAdmin PMASA-2009-3 du 24 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "phpMyAdmin versions 2.11.x ant\u00e9rieures \u00e0 2.11.9.5 ;",
      "product": {
        "name": "phpMyAdmin",
        "vendor": {
          "name": "phpMyAdmin",
          "scada": false
        }
      }
    },
    {
      "description": "phpMyAdmin versions 3.x ant\u00e9rieures \u00e0 3.1.3.1.",
      "product": {
        "name": "phpMyAdmin",
        "vendor": {
          "name": "phpMyAdmin",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin :\n\n-   la fonctionnalit\u00e9 des flux BLOB permet d\u0027inclure des fichiers\n    distants et d\u0027injecter des ent\u00eates HTTP (PMASA-2009-1). Cette\n    vuln\u00e9rabilit\u00e9 n\u0027affecte que les versions depuis 3.1.0.0 ;\n-   la page d\u0027export fait appel \u00e0 des cookies qui peuvent \u00eatre modifi\u00e9s\n    de telle sorte \u00e0 r\u00e9aliser une attaque de type cross-site scripting\n    (PMASA-2009-2) ;\n-   les scripts d\u0027installation utilis\u00e9s pour cr\u00e9er le fichier de\n    configuration peuvent \u00eatre d\u00e9tourn\u00e9s au moyen d\u0027une requ\u00eate POST\n    afin de provoquer l\u0027inclusion d\u0027un fichier distant (PMASA-2009-3).\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1151"
    },
    {
      "name": "CVE-2009-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1148"
    },
    {
      "name": "CVE-2009-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1150"
    },
    {
      "name": "CVE-2009-1149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1149"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-2 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-1 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-3 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php"
    }
  ],
  "reference": "CERTA-2009-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injections de code indirectes"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003ephpMyAdmin\u003c/span\u003e\npermettent de r\u00e9aliser des injections de code indirectes et d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-1 du 24 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-2 du 24 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-3 du 24 mars 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-117

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans phpMyAdmin permettent de réaliser des injections de code indirectes et d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été découvertes dans phpMyAdmin :

la fonctionnalité des flux BLOB permet d'inclure des fichiers distants et d'injecter des entêtes HTTP (PMASA-2009-1). Cette vulnérabilité n'affecte que les versions depuis 3.1.0.0 ;
la page d'export fait appel à des cookies qui peuvent être modifiés de telle sorte à réaliser une attaque de type cross-site scripting (PMASA-2009-2) ;
les scripts d'installation utilisés pour créer le fichier de configuration peuvent être détournés au moyen d'une requête POST afin de provoquer l'inclusion d'un fichier distant (PMASA-2009-3).

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 2.11.x antérieures à 2.11.9.5 ;
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.x antérieures à 3.1.3.1.

References

Title

Publication Time

Tags

Bulletin de sécurité phpMyAdmin PMASA-2009-1 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-2 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-3 du 24 mars 2009	None	vendor-advisory
Bulletin de sécurité phpMyAdmin PMASA-2009-2 du 24 mars 2009 :	-	other
Bulletin de sécurité phpMyAdmin PMASA-2009-1 du 24 mars 2009 :	-	other
Bulletin de sécurité phpMyAdmin PMASA-2009-3 du 24 mars 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "phpMyAdmin versions 2.11.x ant\u00e9rieures \u00e0 2.11.9.5 ;",
      "product": {
        "name": "phpMyAdmin",
        "vendor": {
          "name": "phpMyAdmin",
          "scada": false
        }
      }
    },
    {
      "description": "phpMyAdmin versions 3.x ant\u00e9rieures \u00e0 3.1.3.1.",
      "product": {
        "name": "phpMyAdmin",
        "vendor": {
          "name": "phpMyAdmin",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans phpMyAdmin :\n\n-   la fonctionnalit\u00e9 des flux BLOB permet d\u0027inclure des fichiers\n    distants et d\u0027injecter des ent\u00eates HTTP (PMASA-2009-1). Cette\n    vuln\u00e9rabilit\u00e9 n\u0027affecte que les versions depuis 3.1.0.0 ;\n-   la page d\u0027export fait appel \u00e0 des cookies qui peuvent \u00eatre modifi\u00e9s\n    de telle sorte \u00e0 r\u00e9aliser une attaque de type cross-site scripting\n    (PMASA-2009-2) ;\n-   les scripts d\u0027installation utilis\u00e9s pour cr\u00e9er le fichier de\n    configuration peuvent \u00eatre d\u00e9tourn\u00e9s au moyen d\u0027une requ\u00eate POST\n    afin de provoquer l\u0027inclusion d\u0027un fichier distant (PMASA-2009-3).\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1151"
    },
    {
      "name": "CVE-2009-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1148"
    },
    {
      "name": "CVE-2009-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1150"
    },
    {
      "name": "CVE-2009-1149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1149"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-2 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-1 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-3 du 24 mars    2009 :",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php"
    }
  ],
  "reference": "CERTA-2009-AVI-117",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injections de code indirectes"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003ephpMyAdmin\u003c/span\u003e\npermettent de r\u00e9aliser des injections de code indirectes et d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-1 du 24 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-2 du 24 mars 2009",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 phpMyAdmin PMASA-2009-3 du 24 mars 2009",
      "url": null
    }
  ]
}

FKIE_CVE-2009-1150

Vulnerability from fkie_nvd - Published: 2009-03-26 14:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
cve@mitre.org	http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302
cve@mitre.org	http://secunia.com/advisories/34430	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/34642	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/35585	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/35635	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200906-03.xml
cve@mitre.org	http://www.debian.org/security/2009/dsa-1824
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2009:115
cve@mitre.org	http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/34251
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34642	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35585	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35635	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200906-03.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1824
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:115
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34251

Impacted products

Vendor	Product	Version
phpmyadmin	phpmyadmin	2.11.0
phpmyadmin	phpmyadmin	2.11.0
phpmyadmin	phpmyadmin	2.11.0
phpmyadmin	phpmyadmin	2.11.1
phpmyadmin	phpmyadmin	2.11.1
phpmyadmin	phpmyadmin	2.11.1.0
phpmyadmin	phpmyadmin	2.11.1.1
phpmyadmin	phpmyadmin	2.11.1.2
phpmyadmin	phpmyadmin	2.11.2
phpmyadmin	phpmyadmin	2.11.2.0
phpmyadmin	phpmyadmin	2.11.2.1
phpmyadmin	phpmyadmin	2.11.2.2
phpmyadmin	phpmyadmin	2.11.3
phpmyadmin	phpmyadmin	2.11.3
phpmyadmin	phpmyadmin	2.11.3.0
phpmyadmin	phpmyadmin	2.11.4
phpmyadmin	phpmyadmin	2.11.4
phpmyadmin	phpmyadmin	2.11.5
phpmyadmin	phpmyadmin	2.11.5
phpmyadmin	phpmyadmin	2.11.5.0
phpmyadmin	phpmyadmin	2.11.5.1
phpmyadmin	phpmyadmin	2.11.5.2
phpmyadmin	phpmyadmin	2.11.6
phpmyadmin	phpmyadmin	2.11.6
phpmyadmin	phpmyadmin	2.11.6.0
phpmyadmin	phpmyadmin	2.11.7
phpmyadmin	phpmyadmin	2.11.7.0
phpmyadmin	phpmyadmin	2.11.8
phpmyadmin	phpmyadmin	2.11.9
phpmyadmin	phpmyadmin	2.11.9.0
phpmyadmin	phpmyadmin	2.11.9.1
phpmyadmin	phpmyadmin	2.11.9.2
phpmyadmin	phpmyadmin	2.11.9.3
phpmyadmin	phpmyadmin	2.11.9.4
phpmyadmin	phpmyadmin	3.1.0
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.3
phpmyadmin	phpmyadmin	3.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98FF47C-8BA8-40E1-98F5-743CAD5DC52A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "346DF9C7-40BE-44FD-BB5A-23F60616E97F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B00F4D78-34C3-4934-8AFA-B7283388B246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9F52BC-AC6A-41BB-8276-6176FA068929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BDA3305E-CBC2-4469-923F-29EDA0402CB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BC82C85-C9CF-424D-A07A-E841F7AC1904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0549FC5-B8E8-455D-867B-BAF321DE7004",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DA6D40-2D3A-4490-B4E6-1367C585ED9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E351CA2-71DB-4025-8477-24DFE5349195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AB221E-3DFA-43E4-9DBA-5565F81C0120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB774D1-8B5D-4118-8A5B-D7D14D7DE162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C10F7C9-FAAA-4D05-8CB2-F5CB397F8410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "54669C6E-C13B-4602-9CC1-53B24CB897FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "40CE5E7C-A965-492F-AE85-535C3E5F1B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8AAB78-8460-43BB-9326-0395F7496EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2909BBB8-AB67-45DC-BAF0-015CBF97AFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "52F3DA64-2099-4A4F-9F38-F28255F47BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E1F897-861F-4E10-8E05-3C0DD60C7979",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8CC1C1E-2B8C-4E59-B5ED-ED2957B46743",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA5BCF7D-43FC-459C-8564-F0DCDC301FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA6A75C9-C695-45DF-9526-8DEA506FB21F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03246EF4-F805-4C1C-9E6C-D85AFBD2D168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE432385-9FC2-4EB3-9770-4CA9A2979019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4EFCA67E-49E1-41FF-8B40-0209FF7893FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF4BA83-50C0-4D90-9755-CC99A0FF987E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE588389-7B4F-4949-BB7A-233C6BE31859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E709A6B-B580-414B-8CEE-8FF99F8409C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9AA2E6-CF57-40A1-9A9C-B704D8B009F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE75CBB-4EC2-4B97-9E86-28BB05DEA30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A26E7D37-FA99-42EA-8E19-ED2343E8E70A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A982E152-5A20-4A3A-9A98-6CF9EEF9141A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA11353-1DD1-4593-84E8-1D3CBB2C2166",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0C19FB-60DF-440F-9A32-B9C62EBA9836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9716FC40-F759-4D24-9604-7A2DB32A8F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "400E2D41-CB1F-4E5C-B08D-35294F8D1402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F72014B-B168-4FFA-ADDC-86CE84D19681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72CD1784-3F48-49B5-A154-61C1F7EC3F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "278B4EF3-4331-4334-AB55-EC05C069F48A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en la p\u00e1gina de exportaci\u00f3n (display_export.lib.php) en phpMyAdmin v2.11.x anteriores a v2.11.9.5 y v3.x anteriores a v3.1.3.1, permite a los atacantes remotos inyectar una secuencia de comandos web o HTML a trav\u00e9s de la cookie pma_db_filename_template."
    }
  ],
  "id": "CVE-2009-1150",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-26T14:30:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35585"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35635"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1824"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34251"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-1150

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1150

Aliases

CVE-2009-1150

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1150",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.",
    "id": "GSD-2009-1150",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1150.html",
      "https://www.debian.org/security/2009/dsa-1824"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1150"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.",
      "id": "GSD-2009-1150",
      "modified": "2023-12-13T01:19:47.444776Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-1150",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php",
            "refsource": "CONFIRM",
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
          },
          {
            "name": "GLSA-200906-03",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
          },
          {
            "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302",
            "refsource": "CONFIRM",
            "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
          },
          {
            "name": "34251",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34251"
          },
          {
            "name": "34642",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34642"
          },
          {
            "name": "DSA-1824",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1824"
          },
          {
            "name": "SUSE-SR:2009:008",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
          },
          {
            "name": "MDVSA-2009:115",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
          },
          {
            "name": "34430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34430"
          },
          {
            "name": "35635",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35635"
          },
          {
            "name": "35585",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35585"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-1150"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php"
            },
            {
              "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986\u0026r2=12302\u0026pathrev=12302"
            },
            {
              "name": "34430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34430"
            },
            {
              "name": "SUSE-SR:2009:008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
            },
            {
              "name": "34642",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34642"
            },
            {
              "name": "MDVSA-2009:115",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:115"
            },
            {
              "name": "35585",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35585"
            },
            {
              "name": "DSA-1824",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1824"
            },
            {
              "name": "34251",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34251"
            },
            {
              "name": "GLSA-200906-03",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200906-03.xml"
            },
            {
              "name": "35635",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35635"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2009-07-15T04:00Z",
      "publishedDate": "2009-03-26T14:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1150 (GCVE-0-2009-1150)

GHSA-PGQX-HCP9-24PQ

CERTA-2009-AVI-117

Description

Solution

CERTA-2009-AVI-117

Description

Solution

FKIE_CVE-2009-1150

GSD-2009-1150

Tags

Sightings

Nomenclature