Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

Gentoo: GLSA-200402-05 Normal: phpMyAdmin Directory Traversal Issue

gentoo
Calendar Grey February 17, 2004
Dist Gentoo Esm H88
Protect your server against directory traversal threats in phpMyAdmin using this Gentoo bulletin and suggested patches.

A vulnerability in phpMyAdmin which was not properly verifying user generated input could lead to a directory traversal attack

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200402-05
~                                           https://security.gentoo.org/

~ Severity: Normal ~ Title: phpMyAdmin < 2.5.6-rc1 directory traversal attack ~ Date: February 17, 2004 ~ Bugs: #40268 ~ ID: 200402-05

Synopsis ======= A vulnerability in phpMyAdmin which was not properly verifying user generated input could lead to a directory traversal attack.
========== A component of the phpMyAdmin software package (export.php) does not properly verify input that is passed to it from a remote user. Since the input is used to include other files, it is possible to launch a directory traversal attack.
Impact ===== Sensitive information could be gleaned from the server if an attacker uses a malformed URL such as ]
In this scenario, the script does not sanitize the "what" argument passed to it, allowing directory traversal attacks...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround