VID 21282
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The phpMyAdmin software has a directory traversal vulnerability (2). phpMyAdmin is a tool written in PHP that handles the administration of MySQL over the WWW. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, and manage keys on fields.
The 'export.php' sample script in phpMyAdmin versions 2.5.5-pl1 and prior can disclose the contents of arbitrary files on the web server because the user-supplied "what" parameter is not properly validated. To exploit this vulnerability, a remote attacker sends an "export.php" request containing "dot dot" sequences (/../) and a known file name followed by a NULL byte character (%00), as in the following:

http://[targetserver]/export.php?what=../../..../../../../../../../etc/passwd%00

This allows a remote attacker to view the requested file (here, the password file).
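
A check for the request pattern described above, as an added example that is not part of the original advisory or of phpMyAdmin: it scans web server access log lines for export.php requests whose "what" parameter carries a dot-dot segment or a NULL byte. The common/combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a common/combined log format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment with either separator (Windows and UNIX are both affected).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2004:10:00:00 +0000] "GET /phpmyadmin/export.php?what=sql HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Feb/2004:10:00:05 +0000] "GET /export.php?what=../../../../etc/passwd%00 HTTP/1.0" 200 1432',
    '192.0.2.44 - - [01/Feb/2004:10:00:09 +0000] "GET /export.php?what=%2e%2e%2f%2e%2e%2fetc%2fpasswd%00 HTTP/1.0" 200 1432',
    '192.0.2.10 - - [01/Feb/2004:10:01:00 +0000] "GET /index.php?what=../x HTTP/1.1" 200 90',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so nested encodings are normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_what(log_line):
    """Return the reasons a log line matches the advisory's request pattern, else []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/export.php"):
        return []
    reasons = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        if name != "what":
            continue
        value = fully_decode(raw)  # parse_qsl has already decoded once
        if TRAVERSAL_RE.search(value) and "traversal" not in reasons:
            reasons.append("traversal")
        if "\x00" in value and "null-byte" not in reasons:
            reasons.append("null-byte")
    return reasons

def scan(lines):
    """Return (client address, reasons) for every log line that was flagged."""
    return [(l.split(" ", 1)[0], r) for l in lines if (r := suspicious_what(l))]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons))
```

A hit in the log shows only that the request was made; whether the file was disclosed depends on the installed phpMyAdmin version.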

* References:
http://www.securityfocus.com/archive/1/352378

* Platforms Affected:
phpMyAdmin 2.5.5-pl1 and prior
Windows Any version
UNIX/Linux Any version
Recommendation Upgrade to the latest version of phpMyAdmin (2.5.6-rc1 or later), available from the phpMyAdmin Project Official Web site at http://www.phpmyadmin.net/home_page/
Related URL CVE-2004-0129 (CVE)
Related URL 9564 (SecurityFocus)
Related URL 15021 (ISS)