phpMyAdmin 2.x bug

Discussion in 'Database Discussion' started by hicom, Feb 3, 2004.

  1. hicom

    TITLE:
    phpMyAdmin "export.php" Directory Traversal Vulnerability

    SECUNIA ADVISORY ID:
    SA10769

    VERIFY ADVISORY:
    http://www.secunia.com/advisories/10769/

    CRITICAL:
    Moderately critical

    IMPACT:
    Exposure of system information, Exposure of sensitive information

    WHERE:
    From remote

    SOFTWARE:
    phpMyAdmin 2.x

    DESCRIPTION:
    Cedric Cochin has discovered a vulnerability in phpMyAdmin, allowing malicious people to gain knowledge of sensitive information.

    The "export.php" script does not sanitise user input passed to the "what" parameter properly, which can be exploited via classic directory traversal attacks to disclose the content of arbitrary files.

    Example: http://[victim]/export.php?what=../../../[existing_file]

    The vulnerability affects version 2.5.5-pl1 and prior.

    SOLUTION:
    Update to version 2.5.6-rc1. http://www.phpmyadmin.net/home_page/downloads.php
     