VYPR
High severityNVD Advisory· Published Mar 26, 2009· Updated Jun 16, 2026

CVE-2009-1149

CVE-2009-1149

Description

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpmyadmin/phpmyadminPackagist
< 3.1.3.13.1.3.1

Affected products

10
  • cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*range: <=3.1.3
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*
    • (no CPE)range: <3.1.3.1
  • ghsa-coords
    Range: < 3.1.3.1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.