|
Family: CGI abuses --> Category: attack
PHPMyAdmin subform File Inclusion Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for subform file inclusion vulnerability in PHPMyAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to a
local file inclusion flaw.
Description :
The version of phpMyAdmin installed on the remote host allows
attackers to read and possibly execute code from arbitrary files on
the local host because of its failure to sanitize the parameter
'subform' before using it in the 'libraries/grab_globals.lib.php'
script.
See also :
http://securityreason.com/achievement_securityalert/24
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-4
Solution :
Upgrade to phpMyAdmin 2.6.4-pl2 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|