CVE-2009-3697

critical

Description

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

References

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00490.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00467.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/53741

https://bugzilla.redhat.com/show_bug.cgi?id=528769

http://www.vupen.com/english/advisories/2009/2899

http://www.securityfocus.com/bid/36658

http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php

http://www.mandriva.com/security/advisories?name=MDVSA-2009:274

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-015/

http://typo3.org/extensions/repository/view/phpmyadmin/4.5.0/

http://secunia.com/advisories/37016

http://marc.info/?l=oss-security&m=125561979001460&w=2

http://marc.info/?l=oss-security&m=125553728512853&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

http://freshmeat.net/projects/phpmyadmin/releases/306669

http://freshmeat.net/projects/phpmyadmin/releases/306667

http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html

http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html

http://bugs.gentoo.org/show_bug.cgi?id=288899

Details

Source: Mitre, NVD

Published: 2009-10-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics