Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200412-19] phpMyAdmin: Multiple vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
phpMyAdmin: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-19
(phpMyAdmin: Multiple vulnerabilities)

Nicolas Gregoire ( has discovered two vulnerabilities
that exist only on a webserver where PHP safe_mode is off. These
vulnerabilities could lead to command execution or file disclosure.


On a system where external MIME-based transformations are enabled,
a possible hacker can insert offensive values in MySQL, which would start a
shell when the data is browsed. On a system where the UploadDir is
enabled, read_dump.php could use the unsanitized sql_localfile variable
to disclose a file.


You can temporarily enable PHP safe_mode or disable external
MIME-based transformation AND disable the UploadDir. But instead, we
strongly advise to update your version to 2.6.1_rc1.


All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_rc1"

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.