vendor:
phpMyAdmin
by:
SecurityFocus
7.5
CVSS
HIGH
Local File Include
94
CWE
Product Name: phpMyAdmin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005
phpMyAdmin Multiple Local File Include Vulnerabilities
phpMyAdmin is affected by multiple local file include vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in a PHP 'include()', 'require()', 'require-once()', or similar function call. An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. It should be noted that these issues may also be leveraged to read arbitrary file on an affected computer with the privileges of the Web server.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in a PHP 'include()', 'require()', 'require-once()', or similar function call.
