| VID |
21491 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpMyAdmin software is vulnerable to multiple local file include vulnerabilities. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields. phpMyAdmin versions 2.6.1 and earlier could allow a remote attacker to include arbitrary files, due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()', 'require()', 'require-once()', or similar function call. Specifically, input passed to the "GLOBALS[cfg][ThemePath]" parameter in "phpmyadmin.css.php" and "cfg[Server][extension]" parameter in "database_interface.lib.php" is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources and execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. Successful exploitation requires that "register_globals" is enabled and that "magic_quotes_gpc" is disabled.
* References:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1
http://secunia.com/advisories/14382/
* Platforms Affected:
Tobias Ratschiller, phpMyAdmin 2.6.1 and earlier
Any Operating system Any version |
| Recommendation |
Upgrade to the latest version of phpMyAdmin (2.6.1-pl1 or later), available from the phpMyAdmin Download Web page at http://www.phpmyadmin.net/home_page/downloads.php |
| Related URL |
CVE-2005-0544,CVE-2005-0567 (CVE) |
| Related URL |
12645 (SecurityFocus) |
| Related URL |
19465 (ISS) |
|
