CVE-2009-3697 Information

Description

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=288899
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html
http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
http://freshmeat.net/projects/phpmyadmin/releases/306667
http://freshmeat.net/projects/phpmyadmin/releases/306669
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://marc.info/?l=oss-security&m=125553728512853&w=2
http://marc.info/?l=oss-security&m=125561979001460&w=2
http://secunia.com/advisories/37016
http://typo3.org/extensions/repository/view/phpmyadmin/4.5.0/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-015/
http://www.mandriva.com/security/advisories?name=MDVSA-2009:274
http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php
http://www.securityfocus.com/bid/36658
http://www.vupen.com/english/advisories/2009/2899
https://bugzilla.redhat.com/show_bug.cgi?id=528769
https://exchange.xforce.ibmcloud.com/vulnerabilities/53741
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00467.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00490.html
