CVE-2007-1325

Publication date 7 March 2007

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Description

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.

Read the notes from the security team

Status

Package Ubuntu Release Status
phpmyadmin 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Fixed 2.9.1.1-2ubuntu1
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes

wgrant

PMASA-2007-3

References

Other references