简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > php教程 > PHP源码 > body text

phpMyAdmin $_REQUEST参数发现SQL注入漏洞

WBOY
Release: 2016-06-08 17:32:34
Original
968 people have browsed it
<script>ec(2);</script>
发布日期:2008-03-01

更新日期:2008-03-04

受影响系统:

phpMyAdmin phpMyAdmin
不受影响系统:

phpMyAdmin phpMyAdmin 2.11.5

描述:

BUGTRAQ ID: 28068


phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。


phpMyAdmin使用$_REQUEST而不是$_GET和$_POST变量作为其参数来源,并且在SQL查询中未经过滤便使用了参数,如果用户受骗访问了恶意网站的话,就可能导致SQL注入攻击。


phpMyAdmin:目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5-all-languages.tar.bz2?download

Related labels:
phpmyadmin
source:php.cn
Previous article:选择php的理由 Next article:cakephp实例
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Unable to establish external connection to MySQL/MariaDB database I'm trying to connect a MariaDB client (DBeaver) to my database from my home computer. The...
From 2024-03-31 23:39:43
0
1
302
Docker Image: Integration of PHP 8.0, Apache and phpMyAdmin I'm creating an image for a php8 project running on apache and using phpMyAdmin, my Docker...
From 2024-03-31 18:19:17
0
1
306
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!