Family: CGI abuses --> Category: attack
Multiple Local File Include Vulnerabilities in phpMyAdmin Vulnerability Scan
Vulnerability Scan Summary
Detect multiple local file include vulnerabilities in phpMyAdmin
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to
multiple local file include issues.
The installed version of phpMyAdmin suffers from multiple local file
include flaws because it fails to sanitize user input before using it
in PHP 'include' and 'require_once' calls. Specifically, a remote
attacker can control the value of the 'GLOBALS[cfg][ThemePath]' parameter
used in 'css/phpmyadmin.css.php' as well as the 'cfg[Server][extension]'
parameter used in 'libraries/database_interface.lib.php'. This allows
the attacker to read arbitrary files on the remote host and possibly even
run arbitrary code, subject to the rights of the web server process.
Upgrade to phpMyAdmin 2.6.1 pl1 or later.
Medium / CVSS Base Score : 6