Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-19] phpMyAdmin: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
phpMyAdmin: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-19
(phpMyAdmin: Multiple vulnerabilities)
Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities
that exist only on a webserver where PHP safe_mode is off. These
vulnerabilities could lead to command execution or file disclosure.
On a system where external MIME-based transformations are enabled,
a possible hacker can insert offensive values in MySQL, which would start a
shell when the data is browsed. On a system where the UploadDir is
enabled, read_dump.php could use the unsanitized sql_localfile variable
to disclose a file.
You can temporarily enable PHP safe_mode or disable external
MIME-based transformation AND disable the UploadDir. But instead, we
strongly advise to update your version to 2.6.1_rc1.
All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_rc1"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.