Gentoo: GLSA-200402-05 Normal: phpMyAdmin Directory Traversal Issue
gentoo
February 17, 2004
A vulnerability in phpMyAdmin which was not properly verifying user generated input could lead to a directory traversal attack
Summary
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200402-05
~ https://security.gentoo.org/
~ Severity: Normal
~ Title: phpMyAdmin < 2.5.6-rc1 directory traversal attack
~ Date: February 17, 2004
~ Bugs: #40268
~ ID: 200402-05
Synopsis
=======
A vulnerability in phpMyAdmin which was not properly verifying user
generated input could lead to a directory traversal attack.
==========
A component of the phpMyAdmin software package (export.php) does not
properly verify input that is passed to it from a remote user. Since the
input is used to include other files, it is possible to launch a
directory traversal attack.
Impact
=====
Sensitive information could be gleaned from the server if an
attacker uses a malformed URL such as
]
In this scenario, the script does not sanitize the "what" argument
passed to it, allowing directory traversal attacks...Read the Full Advisory
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Warning: Undefined array key "advisory_info" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3374862_4c9dbbdde36eef04251a4ced7eac4df9 on line 11
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!