| Field | Value |
|---|---|
| VID | 21646 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | phpPgAdmin is vulnerable to directory traversal through the formLanguage parameter of login.php. phpPgAdmin is a fully functional web-based administration utility for PostgreSQL database servers. phpPgAdmin version 3.5.3, and possibly other versions, fails to validate user-supplied input in the formLanguage parameter of the login.php script. If PHP's register_globals directive is enabled, a remote attacker can send a specially crafted URL containing "%2e%2e%2f" (URL-encoded "../") sequences in the formLanguage parameter of login.php to read arbitrary files outside the web document root. Note that register_globals has defaulted to Off since PHP 4.2.0, so the flaw is reachable only on hosts that have re-enabled it. |
| References | http://secunia.com/advisories/15941/ ; http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html ; http://securitytracker.com/id?1014414 ; http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html ; http://sourceforge.net/project/shownotes.php?release_id=342261 |
| Platforms Affected | phpPgAdmin (SourceForge.net) version 3.5.3 and possibly other versions; any operating system, any version |
| Recommendation | Upgrade to phpPgAdmin 3.5.4 or later, available from the phpPgAdmin project site at http://sourceforge.net/projects/phppgadmin . Until the upgrade is applied, disabling register_globals in php.ini removes the attack path described above. |
| Related URL | CVE-2005-2256 (CVE) |
| Related URL | 14142 (SecurityFocus) |
| Related URL | 21265 (ISS) |
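The following PHP is an added illustration of the bug class this entry describes, not phpPgAdmin's own code: the exact statement in login.php 3.5.3 is not reproduced here, and the lang/ directory layout, the language file names, the allow-list contents and the function names are all assumptions made for the example. It shows why a register_globals-populated variable used in an include path lets a percent-encoded "../" escape the intended directory, and the hardened form a maintainer would write instead (explicit $_GET access, a fixed allow-list, and a realpath containment check).

```php
<?php
// Added example, not phpPgAdmin's own code. The include below is a
// hypothetical reconstruction of the pattern the advisory describes.

// --- Vulnerable pattern (hypothetical) ---
// With register_globals=On, PHP creates $formLanguage from the query
// string before the script runs and has already percent-decoded it, so
//   login.php?formLanguage=%2e%2e%2f%2e%2e%2fsome/file
// arrives as "../../some/file" and the include walks out of lang/.
function loadLanguageVulnerable(): void
{
    global $formLanguage;              // silently populated by register_globals
    include 'lang/' . $formLanguage;   // no validation, no containment
}

// --- Hardened version ---
// Read the parameter from $_GET explicitly (never rely on register_globals),
// accept only a fixed allow-list of language names, and still verify that the
// resolved file sits inside lang/ before including it.
define('LANG_DIR', __DIR__ . '/lang');   // assumed location of the language files

function resolveLanguageFile(string $requested): string
{
    $allowed = ['english', 'french', 'german'];   // constructed list for the example

    // Allow-list check: anything not literally in the list falls back to the
    // default, so "../" (decoded or not) never reaches the filesystem.
    $lang = in_array($requested, $allowed, true) ? $requested : 'english';

    // Containment check as defence in depth: realpath() collapses "../" and
    // symlinks, and the result must begin with the lang/ prefix. It also
    // returns false for a missing file, which we treat as a hard error rather
    // than letting include() probe the filesystem with attacker input.
    $base = realpath(LANG_DIR);
    $file = realpath(LANG_DIR . '/' . $lang . '.php');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file is missing or outside lang/');
    }
    return $file;
}

function loadLanguageSafe(): void
{
    // Explicit, typed access to the request; arrays (formLanguage[]=x) are
    // rejected rather than coerced to a string.
    $requested = isset($_GET['formLanguage']) && is_string($_GET['formLanguage'])
        ? $_GET['formLanguage']
        : 'english';
    include resolveLanguageFile($requested);
}
```

The allow-list is the real fix; the realpath() prefix comparison only guards against a future change that swaps the static list for something derived from user input. Note that the check compares against `$base . DIRECTORY_SEPARATOR`, not `$base` alone, so a sibling directory such as lang2/ cannot pass a bare prefix test.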