FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- remote command execution vulnerability

Affected packages
phpMyAdmin < 2.6.0.2
phpmyadmin < 2.6.0.2

Details

VuXML ID fc07c9ca-22ce-11d9-814e-0001020eed82
Discovery 2004-10-11
Entry 2004-10-20

From the phpMyAdmin 2.6.0p2 release notes:

If PHP is not running in safe mode, a problem in the MIME-based transformation system (with an "external" transformation) allows any command to be executed with the privileges of the web server's user.

References

Bugtraq ID 11391
URL http://sourceforge.net/project/shownotes.php?release_id=274709
URL http://sourceforge.net/tracker/index.php?func=detail&aid=1044864&group_id=23067&atid=377408