The Community Forums


phpMyAdmin 2.x bug

Discussion in 'Database Discussions' started by hicom, Feb 3, 2004.

  1. hicom

    TITLE:
    phpMyAdmin "export.php" Directory Traversal Vulnerability

    SECUNIA ADVISORY ID:
    SA10769

    VERIFY ADVISORY:
    http://www.secunia.com/advisories/10769/

    CRITICAL:
    Moderately critical

    IMPACT:
    Exposure of system information, Exposure of sensitive information

    WHERE:
    From remote

    SOFTWARE:
    phpMyAdmin 2.x

    DESCRIPTION:
    Cedric Cochin has discovered a vulnerability in phpMyAdmin, allowing malicious people to gain knowledge of sensitive information.

    The "export.php" script does not sanitise user input passed to the "what" parameter properly, which can be exploited via classic directory traversal attacks to disclose the content of arbitrary files.

    Example: http://[victim]/export.php?what=../../../[existing_file]

    The vulnerability affects version 2.5.5-pl1 and prior.

    SOLUTION:
    Update to version 2.5.6-rc1. http://www.phpmyadmin.net/home_page/downloads.php
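
For hosts that ran 2.5.5-pl1 or earlier, web-server access logs can be checked for requests matching the advisory's description. The following is an added example, not part of the original post or of phpMyAdmin: the log lines are constructed, and the rule that a legitimate "what" value is a short alphanumeric format name is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (not from a real server); file names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2004:10:00:01 +0000] "GET /phpMyAdmin/export.php?what=sql&db=shop HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Feb/2004:10:02:13 +0000] "GET /phpMyAdmin/export.php?what=../../../example_file HTTP/1.1" 200 911',
    '198.51.100.7 - - [03/Feb/2004:10:02:15 +0000] "GET /phpMyAdmin/export.php?what=%252e%252e%252f%252e%252e%252fexample_file HTTP/1.1" 200 911',
    '203.0.113.4 - - [03/Feb/2004:10:05:40 +0000] "GET /phpMyAdmin/export.php?what=..%5C..%5Cexample_file HTTP/1.1" 404 210',
    '192.0.2.10 - - [03/Feb/2004:10:06:02 +0000] "GET /index.php?what=../x HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate "what" value is a short format name such as "sql".
SAFE_WHAT = re.compile(r"[A-Za-z0-9_]+")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_what(value):
    """Return the reason a "what" value is suspicious, or None if it looks benign."""
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded:
        return "null byte"
    if ".." in decoded.split("/"):
        return "parent-directory segment"
    if not SAFE_WHAT.fullmatch(decoded):
        return "unexpected characters"
    return None

def scan(lines):
    """Return (client, value, reason) for each suspicious export.php request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.lower().endswith("/export.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("what", []):
            reason = classify_what(value)
            if reason:
                findings.append((line.split()[0], value, reason))
    return findings
```

Access logs record only the query string, so a "what" value sent in a POST body will not appear in them.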
     