FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Shared Host Information Disclosure

Affected packages
phpMyAdmin < 2.11.5.2

Details

VuXML ID fe971a0f-1246-11dd-bab7-0016179b2dd5
Discovery 2008-04-23
Entry 2008-04-24
Modified 2008-09-17

A phpMyAdmin security announcement report:

It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the rights of the web server's user, the current advisory does not describe an additional threat.

References

CVE Name CVE-2008-1924
URL http://secunia.com/advisories/29944/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3