[Fwd: phpmyadmin vulnerability]

Mit Rowe mit at mitayai.org
Thu Oct 13 10:35:01 PDT 2005


current port version 2.6.4-pl1 vulnerable


    phpMyAdmin security announcement PMASA-2005-4

Announcement-ID: PMASA-2005-4
Date: 2005-10-11

*Summary*:
Local file inclusion vulnerability

*Description*:
In libraries/grab_globals.lib.php, the $__redirect parameter was not 
correctly validated, opening the door to a local file inclusion attack.

*Severity*:
We consider this vulnerability to be serious. However, it can be 
exploited only on systems not running in PHP safe mode (unless a 
deliberate hole was opened by including in open_basedir some paths 
containing sensitive data).

*Affected versions*:
phpMyAdmin versions 2.6.4 and 2.6.4-pl1.

*Solution:*
Upgrade to phpMyAdmin 2.6.4-pl2 or newer.

For further information and in case of questions, please contact the 
phpMyAdmin team. Our website is http://www.phpmyadmin.net/.


-- 
Will Mitayai Keeso Rowe
Technical Director
9TrackMind, Inc.
mit at 9trackmind.com
mobile: +1.416.219 2512

-------------- next part --------------
An embedded message was scrubbed...
From: "AuDaSeE" <audasee at dreaming.org>
Subject: phpmyadmin vulnerability
Date: Thu, 13 Oct 2005 13:17:25 -0400
Size: 1536
Url: http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20051013/4f1393d7/phpmyadminvulnerability.mht
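
The advisory describes a request-influenced value reaching a file inclusion without correct validation. The following is an added example of that bug class and a defensive pattern for it; it is not phpMyAdmin's code and not the fix shipped in 2.6.4-pl2. The names resolve_include_target and ALLOWED_TARGETS, the "target" request parameter and the listed script names are hypothetical.

```php
<?php
// Added illustration; not phpMyAdmin code. All names here are hypothetical.

// Constructed allowlist: the only scripts a request may select for inclusion.
const ALLOWED_TARGETS = ['index.php', 'main.php', 'sql.php'];

/**
 * Return the absolute path to include for $requested, or null if rejected.
 */
function resolve_include_target($requested, string $baseDir): ?string
{
    // Reject arrays, null and empty values before any string handling.
    if (!is_string($requested) || $requested === '') {
        return null;
    }
    // Exact match against the allowlist: traversal sequences, NUL bytes,
    // absolute paths and stream wrappers cannot pass, because none are listed.
    if (!in_array($requested, ALLOWED_TARGETS, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist directly inside $baseDir
    // (this also catches a symlink that points somewhere else).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Vulnerable pattern, for contrast (do not use):
//     require './' . $_REQUEST['target'];

// Demo on constructed input: one stub file in a scratch directory.
$base = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($base);
file_put_contents("$base/main.php", "<?php // constructed stub\n");

$samples = ['main.php', '../../../../etc/passwd', "main.php\0.txt", ['main.php'], 'sql.php'];
foreach ($samples as $input) {
    $result = resolve_include_target($input, $base);
    printf("%-28s => %s\n", json_encode($input),
        $result === null ? 'rejected' : 'include ' . basename($result));
}
unlink("$base/main.php");
rmdir($base);
```

Only main.php is accepted; sql.php is on the allowlist but is rejected because no such file exists in the scratch directory.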

