phpMyAdmin 2.6.4 and 2.6.4-pl1 Local file inclusion vulnerability

Discussion in 'Database Discussion' started by thewishbone, Oct 19, 2005.

  1. thewishbone

    thewishbone Active Member

    Joined:
    Aug 7, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    151
    Hi, I read this and I want to know if we have to upgrade to the new version of phpMyAdmin 2.6.4-pl2:

    Announcement-ID: PMASA-2005-4
    Date: 2005-10-11

    Summary:
    Local file inclusion vulnerability

    Description:
    In libraries/grab_globals.lib.php, the $__redirect parameter was not correctly validated, opening the door to a local file inclusion attack.


    Severity:
    We consider this vulnerability to be serious. However, it can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).

    Affected versions:
    phpMyAdmin versions 2.6.4 and 2.6.4-pl1.

    Solution:
    Upgrade to phpMyAdmin 2.6.4-pl2 or newer.
     
  2. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,505
    Likes Received:
    1
    Trophy Points:
    318
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    All depends on your Server security by the looks of things.

    Just more good reasons why always running PHP in 'safe_mode' and 'open_basedir' restrictions turned ON, just makes a whole lotta sense.
     
  3. thewishbone

    thewishbone Active Member

    Joined:
    Aug 7, 2005
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    151
    And how do we know if we really need to do it? We tried this bug... and it works

    thanks
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,470
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    You need to follow the cPanel changelog; this has been incorporated into the release tree (have a look on http://layer1.cpanel.net).

    Do bear in mind that to run phpmyadmin that comes with cPanel you do need to have a valid cPanel login to access it.
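
Added example (not part of the original thread, and not cPanel or phpMyAdmin code): a triage check that applies the conditions stated in the PMASA-2005-4 text quoted in the first post to an installed version and a php.ini. The function names, status strings, sample php.ini and the `sensitive_paths` list are assumptions made for illustration; `open_basedir` is assumed to be colon-separated (Unix).

```python
import re

# Constructed sample php.ini, not taken from a real server.
SAMPLE_INI = """\
; constructed sample
safe_mode = On
open_basedir = "/home/site/public_html:/tmp:/etc"
"""

def parse_version(v):
    """Turn 'X.Y.Z' or 'X.Y.Z-plN' into a comparable tuple (plain release = pl0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-pl(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised phpMyAdmin version: {v!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(v):
    """Advisory: affected are 2.6.4 and 2.6.4-pl1; fixed in 2.6.4-pl2 or newer."""
    return (2, 6, 4, 0) <= parse_version(v) <= (2, 6, 4, 1)

def read_ini(text):
    """Minimal php.ini reader: ';' starts a comment, last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def triage(version, ini_text, sensitive_paths):
    """Classify exposure using only the conditions named in the advisory."""
    if not is_affected(version):
        return "not-affected"
    ini = read_ini(ini_text)
    # safe_mode defaults to Off when the directive is absent.
    if ini.get("safe_mode", "off").lower() not in ("1", "on", "true", "yes"):
        return "exposed"
    # Entries are compared as string prefixes (the conservative reading).
    for entry in filter(None, ini.get("open_basedir", "").split(":")):
        if any(p.startswith(entry) for p in sensitive_paths):
            return "exposed-via-open_basedir"
    return "mitigated-upgrade-anyway"

if __name__ == "__main__":
    print(triage("2.6.4-pl1", SAMPLE_INI, ["/etc/passwd"]))
```

Pass the paths you consider sensitive on your own server; whatever status comes back for an affected version, the advisory's stated solution is still the upgrade to 2.6.4-pl2 or newer.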
     
  5. PvUtrix

    PvUtrix Well-Known Member

    Joined:
    Mar 12, 2005
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Ekaterinburg - Russia
    cPanel Access Level:
    Root Administrator