FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- file disclosure vulnerability

Affected packages
phpMyAdmin < 2.6.1.r1

Details

VuXML ID 9f0a405e-4edd-11d9-a9e7-0001020eed82
Discovery 2004-12-13
Entry 2004-12-15
Modified 2004-12-19

A phpMyAdmin security announcement reports:

File disclosure: on systems where the UploadDir mechanism is active, read_dump.php can be called with a crafted form; using the fact that the sql_localfile variable is not sanitized can lead to a file disclosure.

Enabling PHP safe mode on the server can be used as a workaround for this vulnerability.

References

CVE Name CVE-2004-1148
URL http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4