FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Remote code injection in phpMyAdmin

Affected packages
phpMyAdmin < 2.5.7.1

Details

VuXML ID 0d4c31ac-cb91-11d8-8898-000d6111a684
Discovery 2004-06-29
Entry 2004-07-02
Modified 2004-09-28

This vulnerability would allow remote user to inject PHP code to be executed by eval() function. This vulnerability is only exploitable if variable $cfg['LeftFrameLight'] is set to FALSE (in file config.inc.php).

References

Message 20040629025752.976.qmail@www.securityfocus.com
URL http://eagle.kecapi.com/sec/fd/phpMyAdmin.html
URL http://secunia.com/advisories/11974
URL http://sf.net/forum/forum.php?forum_id=387635