GHSA-xrpq-63mp-9vcw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xrpq-63mp-9vcw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xrpq-63mp-9vcw/GHSA-xrpq-63mp-9vcw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xrpq-63mp-9vcw
- Aliases
- Published
- 2022-05-02T03:22:03Z
- Modified
- 2024-01-23T18:26:33.824939Z
- Summary
- phpMyAdmin HTTP Response Splitting Vulnerability
- Details
-
CRLF injection vulnerability in
bs_disp_as_mime_type.phpin the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1)c_typeand possibly (2)file_typeparameters. - Database specific
{ "nvd_published_at": "2009-03-26T14:30:00Z", "cwe_ids": [ "CWE-113", "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-23T18:12:57Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-1149
- https://github.com/phpmyadmin/phpmyadmin/commit/69bfbf11c7e9487dfa96293aaa797ff14bb513f0
- https://github.com/phpmyadmin/composer
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
- http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
Affected packages
Packagist / phpmyadmin/phpmyadmin
Package
- Name
- phpmyadmin/phpmyadmin
- Purl
- pkg:composer/phpmyadmin/phpmyadmin