Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

phpMyAdmin arbitrary file reading (2) Vulnerability Scan


Vulnerability Scan Summary
Checks phpMyAdmin

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by a
local file inclusion flaw.

Description :

There is a bug in the remote version of phpMyAdmin that may allow an
attacker to read arbitrary files on the remote web server with the
rights of the web user or even execute arbitrary PHP code.
Successful exploitation of this issue requires that PHP's
'magic_quotes_gpc' setting be disabled.

See also :

http://archives.neohapsis.com/archives/bugtraq/2004-02/0062.html
http://sourceforge.net/forum/forum.php?forum_id=350228

Solution :

Upgrade to phpMyAdmin version 2.4.6-rc1 or later.

Threat Level:

Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.