漏洞标题
N/A
漏洞描述信息
在 phpMyAdmin 2.7.0-pl2 中存在多个 CRLF 注入漏洞,这允许远程攻击者通过 phpMyAdmin cookie 中的 CRLF 序列来注入任意 HTTP 头,并执行 HTTP 响应分割攻击。这些漏洞存在于 (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php 和可能的其他文件中。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
PhpMyAdmin 多个CRLF注入漏洞
漏洞描述信息
PhpMyAdmin 2.7.0-pl2存在多个CRLF注入漏洞,远程攻击者可通过在(1)css/phpmyadmin.css.php,(2)db_create.php,(3)index.php,(4)left.php,(5)libraries/session.inc.php,(6)libraries/transformations/overview.php,(7)querywindow.php,(8)server_engines.php,及其他文件中的phpMyAdmin cookie中的CRLF序列来
CVSS信息
N/A
漏洞类别
授权问题