CVE-2009-3697 — SQL Injection in Phpmyadmin

CWE-89 — SQL Injection CWE-79 — Cross-site Scripting6 documents6 sources

Severity

7.5HIGHNVD

EPSS

2.6%

top 14.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedOct 16

Latest updateMay 2

Description

SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.2.2.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.2.2.1-1+3

▶NVDphpmyadmin/phpmyadmin51 versions+50

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-6x9q-9h2v-cmc6: SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2↗2022-05-02

▶

OSV

CVE-2009-3697: SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2↗2009-10-16

▶

📋Vendor Advisories

Debian

CVE-2009-3697: phpmyadmin - SQL injection vulnerability in the PDF schema generator functionality in phpMyAd...↗2009

▶

Red Hat

phpMyAdmin: XSS and SQL injection (PMASA-2009-6)↗

▶

💬Community

Bugzilla

CVE-2009-3696 CVE-2009-3697 phpMyAdmin: XSS and SQL injection (PMASA-2009-6)↗2009-10-13

▶