CVE-2009-1149

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2009-1149

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-1149.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-1149

Aliases

GHSA-xrpq-63mp-9vcw

Downstream

DEBIAN-CVE-2009-1149

Published

2009-03-26T14:30:00Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) ctype and possibly (2) filetype parameters.

References

http://secunia.com/advisories/34468
http://secunia.com/advisories/34642
http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

CVE-2009-1149

Affected packages