Info

Disclosure

Feb 03, 2004

Discovery

Feb 03, 2004

Dates

Exploit

Feb 03, 2004

Solution

Unknown

Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because export.php fails to validate user input to the "what" variable, which will disclose server file information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 2.5.6-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Tobias Ratschiller	phpMyAdmin	2.2.7-pl1
		2.5.3
		2.5.4
		2.5.5-pl1

References

Secunia Advisory ID: 10769
ISS X-Force ID: 15021
CVE ID: 2004-0129 (see also: NVD)
Bugtraq ID: 9564
Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=107582619125932&w=2
http://www.netvigilance.com/advisory0004
Vendor URL: http://www.phpmyadmin.net/home_page/
Keyword: netVigilance Security Advisory 4 TC 17869

Credit

Cedric Cochin - cedric.cochingmail.com - Personal Page

Direct URL: http://osvdb.org/3800

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Tobias Ratschiller

phpMyAdmin

References

Credit