GLSA Advocate
Posted: Mon May 05, 2008 10:26 pm Post subject: [ GLSA 200805-02 ] phpMyAdmin: Information disclosure
Gentoo Linux Security Advisory
Title: phpMyAdmin: Information disclosure (GLSA 200805-02)
Severity: low
Exploitable: remote
Date: May 05, 2008
Bug(s): #219005
ID: 200805-02
Synopsis
A vulnerability in phpMyAdmin may lead to information disclosure.
Background
phpMyAdmin is a tool written in PHP intended to handle the
administration of MySQL databases from a web browser.
Affected Packages
Package: dev-db/phpmyadmin
Vulnerable: < 2.11.5.2
Unaffected: >= 2.11.5.2
Architectures: All supported architectures
Description
Cezary Tomczak reported that an undefined UploadDir variable exposes an
information disclosure vulnerability when running on shared hosts.
Impact
A remote attacker with CREATE TABLE permissions can exploit this
vulnerability via a specially crafted HTTP POST request in order to
read arbitrary files.
Workaround
There is no known workaround at this time.
Resolution
All phpMyAdmin users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.11.5.2"
References
CVE-2008-1924
Last edited by GLSA on Thu Mar 20, 2014 4:27 am; edited 2 times in total
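A host-side check for the affected range listed in the advisory, as an added example that is not part of the original GLSA or of Portage itself. It assumes installed packages are recorded as directories under /var/db/pkg; the function names `ver_lt` and `affected_in` are hypothetical, and the version comparison is a simplified numeric one rather than Portage's full algorithm.

```shell
#!/bin/sh
# Added example: list installed dev-db/phpmyadmin versions below the fix.
FIXED="2.11.5.2"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed when version A is lower than plain release B.
# Simplification (assumption): only the dotted numeric part is compared;
# a -rN revision is ignored and a pre-release suffix on an otherwise
# equal A counts as lower. This is not Portage's full comparison.
ver_lt() {
    a=${1%%[-_]*}; b=${2%%[-_]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    case $1 in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    return 1
}

# affected_in [VDB]: print each installed phpmyadmin version found in the
# Portage package database VDB (default /var/db/pkg) that is below $FIXED.
affected_in() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/dev-db/phpmyadmin-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/phpmyadmin-}
        if ver_lt "$v" "$FIXED"; then echo "$v"; fi
    done
}

# Constructed sample database (not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/dev-db/phpmyadmin-2.9.2" \
         "$demo/dev-db/phpmyadmin-2.11.5.1-r1" \
         "$demo/dev-db/phpmyadmin-2.11.5.2"
affected_in "$demo"
rm -rf "$demo"
```

Calling `affected_in` with no argument reads the host's own /var/db/pkg; any version it prints falls in the advisory's vulnerable range and should be upgraded as described under Resolution.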