Description
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 4:3.5.8.1-1 |
| esm-apps/xenial | not-affected | 4:3.5.8.1-1 |
| esm-infra-legacy/trusty | not-affected | 4:3.5.8.1-1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | not-affected | |
EPSS
CVSS2: 4.6 Medium