phpmyadmin -- file disclosure vulnerability

2004-12-13T00:00:00
ID 9F0A405E-4EDD-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2004-12-19T00:00:00

Description

A phpMyAdmin security announcement reports:

File disclosure: on systems where the UploadDir mechanism is active, read_dump.php can be called with a crafted form; using the fact that the sql_localfile variable is not sanitized can lead to a file disclosure.

Enabling PHP safe mode on the server can be used as a workaround for this vulnerability.