Short Name |
HTTP:PHP:PHPMYADMIN:LOCALFILE |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
SQL_LOCALFILE Infromation Disclosure |
Release Date |
2005/03/09 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a SQL_LOCALFILE information disclosure vulnerability in phpMyAdmin versions earlier than 2.6.1-rc1. Because these versions do not properly sanitized input, attackers can remotely access arbitrary files.
phpMyAdmin is reported prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. These issues result from insufficient sanitization of user-supplied data. The command execution is reported to be present since phpMyAdmin 2.6.0-pl2. The file disclosure is present since phpMyAdmin 2.4.0.