|
Family: CGI abuses --> Category: infos
phpMyAdmin arbitrary file reading (2) Vulnerability Scan
Vulnerability Scan Summary Checks phpMyAdmin
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a
local file inclusion flaw.
Description :
There is a bug in the remote version of phpMyAdmin that may allow an
attacker to read arbitrary files on the remote web server with the
rights of the web user or even execute arbitrary PHP code.
Successful exploitation of this issue requires that PHP's
'magic_quotes_gpc' setting be disabled.
See also :
http://archives.neohapsis.com/archives/bugtraq/2004-02/0062.html
http://sourceforge.net/forum/forum.php?forum_id=350228
Solution :
Upgrade to phpMyAdmin version 2.4.6-rc1 or later.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|