ugrás a tartalomhoz

phpMyAdmin "server_privileges.php" Remote SQL Injection Vulnerability

Török Gábor · 2005. Dec. 20. (K), 06.29
Egyelőre nincs javítás

idézet a phpsec levlistáról

Dualon · 2005. Dec. 20. (K), 07.24
About this recent message

I replied:

"We don't think that this is a real problem. The server_privileges.php script checks at the beginning if the user is privileged. So, for this attack to work, the victim's phpMyAdmin installation would have to be set as to allow any user to auto-login as a privileged user. If this is the case, this phpMyAdmin installation is wide open to any action, and this has to be fixed by the person who installed phpMyAdmin. "

Marc Delisle
phpMyAdmin team