Flaw in PHPMyAdmin

Mike Healan

Verified User
Joined
Dec 1, 2003
Messages
19
Summary :

phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the WWW. There is a vulnerability in the current stable version of
phpMyAdmin that allows an attacker to retrieve arbitrary files from the
webserver with privileges of the webserver..

Details :

The export PHP script can be exploited to disclose arbitrary file using a
include() PHP call.

Vulnerable Systems:
* phpMyAdmin 2.5.5-pl1 and prior

Vendor Status :

The information has been provided to the phpMyAdmin Project Managers.
A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available.
- --> http://www.phpmyadmin.net/home_page/
- --> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
 
Useful.... the stable releases all have the problem...:rolleyes:

Am going to try 2.5.6-rc1 now I think ;)
 
Back
Top