VID | 21742 |
Severity | 30 |
Port | 80, ... |
Protocol | TCP |
Class | CGI |
Detailed Description |
phpMyAdmin is vulnerable to a local file include vulnerability in the 'grab_globals.lib.php' script. phpMyAdmin is a tool written in PHP for administering MySQL over the web. Currently it can create and drop databases; create, drop and alter tables; delete, edit and add fields; execute any SQL statement; and manage keys on fields. phpMyAdmin version 2.6.4-pl1 and possibly earlier versions could allow a remote attacker to view files residing outside of the web root, because user-supplied input passed to the 'usesubform' parameter of the './libraries/grab_globals.lib.php' script is not properly filtered. By sending a specially crafted URL containing "dot dot" sequences (/../), a remote attacker could read arbitrary files outside of the web root directory with the privileges of the web service.
* References:
  http://securityreason.com/achievement_securityalert/24
  http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0225.html
* Platforms Affected:
  Tobias Ratschiller, phpMyAdmin version 2.6.4-pl1 and possibly earlier versions
  Any operating system, any version |
Recommendation |
No upgrade or patch was available as of October 2005.
Upgrade to a version of phpMyAdmin later than 2.6.4-pl1 when a fixed version becomes available from the phpMyAdmin download page at http://www.phpmyadmin.net/home_page/downloads.php |
Related URL | CVE-2005-3299 (CVE) |
Related URL | 15053 (SecurityFocus) |
Related URL | 22558 (ISS) |