FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- file disclosure vulnerability

Affected packages
phpMyAdmin < 2.6.1.r1


VuXML ID 9f0a405e-4edd-11d9-a9e7-0001020eed82
Discovery 2004-12-13
Entry 2004-12-15
Modified 2004-12-19

A phpMyAdmin security announcement reports:

File disclosure: on systems where the UploadDir mechanism is active, read_dump.php can be called with a crafted form; using the fact that the sql_localfile variable is not sanitized can lead to a file disclosure.

Enabling PHP safe mode on the server can be used as a workaround for this vulnerability.


CVE Name CVE-2004-1148