Announcement-ID: PMASA-2005-5
Date: 2005-10-22
Updated: 2005-10-25
(1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability
We received a security advisory from Stefan Esser (sesser@hardened-php.net) about (1). We received a security advisory from Tobias Klein (tk@trapkit.de) about (2). We wish to thank both of them for their work.
(1) : Due to the sequence of execution in the code that gets form parameters in some scripts, it was possible to craft a special attack form that overwrites configuration parameters.
(2) : Some scripts were vulnerable to XSS attacks: left.php, queryframe.php and server_databases.php.
We consider these vulnerabilities to be serious. However, (1) can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data).
We did not make an extensive verification on this. Probably all previous versions.
Upgrade to phpMyAdmin 2.6.4-pl3 or newer.
For (1): http://www.hardened-php.net/advisory_162005.73.html
For (2): http://www.trapkit.de/advisories/TKADV2005-10-001.txt
CWE ids: CWE-661 CWE-98 CWE-79
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.