phpmyadmin -- Local file inclusion

2011-11-10T00:00:00
ID 1F6EE708-0D22-11E1-B5BD-14DAE938EC40
Type freebsd
Reporter FreeBSD
Modified 2011-11-10T00:00:00

Description

Jan Lieskovsky reports:

Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server).