Flaw in PHPMyAdmin


Mike Healan
02-03-2004, 10:45 PM
Summary :

phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the WWW. There is a vulnerability in the current stable version of
phpMyAdmin that allows an attacker to retrieve arbitrary files from the
webserver with privileges of the webserver.

Details :

The export PHP script can be exploited to disclose arbitrary files using an
include() PHP call.

Vulnerable Systems:
* phpMyAdmin 2.5.5-pl1 and prior

Vendor Status :

The information has been provided to the phpMyAdmin Project Managers.
A new release candidate 2.5.6-rc1 with fixes for this vulnerability is available.
--> http://www.phpmyadmin.net/home_page/
--> http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
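
Added example, not part of the original posts and not phpMyAdmin code: a small Python check that sorts an inventory of installed phpMyAdmin versions against the range given above ("2.5.5-pl1 and prior"). The suffix ordering (-pl after the plain release, -rc/-beta/-alpha before it), the host names and the sample versions are assumptions made for the example.

```python
import re

# Assumption (not stated in the thread): version strings look like "2.5.5",
# "2.5.5-pl1" or "2.5.6-rc1"; "-plN" is a patch level issued after the plain
# release, while "-rcN", "-betaN" and "-alphaN" precede it.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(pl|rc|beta|alpha)(\d*))?$")
_STAGE_RANK = {"alpha": -3, "beta": -2, "rc": -1, None: 0, "pl": 1}

LAST_VULNERABLE = "2.5.5-pl1"  # from the advisory: "2.5.5-pl1 and prior"


def version_key(version):
    """Turn a version string into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version.strip().lower())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch), _STAGE_RANK[stage], int(num or 0))


def is_affected(version):
    """True if the version falls in the advisory's vulnerable range."""
    return version_key(version) <= version_key(LAST_VULNERABLE)


def triage(inventory):
    """Split {host: version} into (hosts to upgrade, hosts to check by hand)."""
    affected, unknown = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_affected(version):
                affected.append(host)
        except ValueError:
            unknown.append(host)  # unparseable: do not assume it is safe
    return affected, unknown


# Constructed inventory for illustration; host names are made up.
SAMPLE_INVENTORY = {
    "web1": "2.5.5-pl1",
    "web2": "2.5.6-rc1",
    "web3": "2.5.4",
    "web4": "2.10.0",   # plain string comparison would sort this below 2.5.5
    "web5": "custom-build",
}

if __name__ == "__main__":
    to_upgrade, to_check = triage(SAMPLE_INVENTORY)
    print("upgrade:", to_upgrade)
    print("check manually:", to_check)
```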

ProWebUK
02-04-2004, 08:14 AM
Useful.... the stable releases all have the problem...:rolleyes:

Am going to try 2.5.6-rc1 now I think ;)

l0rdphi1
02-04-2004, 08:17 AM
Upgrade went smooth for me using this (http://www.directadmin.com/forum/showthread.php?threadid=1588).

Thanks.

ProWebUK
02-05-2004, 06:33 PM
Originally posted by l0rdphi1
Upgrade went smooth for me using this (http://www.directadmin.com/forum/showthread.php?threadid=1588).

Thanks.

Worked for me on a few servers without a glitch :D

Chris