Back to search
CVE-2007-5934
Published: Nov 13, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26382
vdb-entry
x_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=198446
x_refsource_CONFIRM
http://pear.php.net/package/MDB2/download/2.5.0a1
x_refsource_CONFIRM
42107
vdb-entry
x_refsource_OSVDB
GLSA-200712-05
vendor-advisory
x_refsource_GENTOO
http://pear.php.net/bugs/bug.php?id=10024
x_refsource_CONFIRM
27983
third-party-advisory
x_refsource_SECUNIA
27626
third-party-advisory
x_refsource_SECUNIA
[PEAR-CVS] 20070503 cvs: pear /MDB2 MDB2.php package.php /MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgs
mailing-list
x_refsource_MLIST
27572
third-party-advisory
x_refsource_SECUNIA
FEDORA-2007-3369
vendor-advisory
x_refsource_FEDORA
ADV-2007-3806
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now