2 matches found
phpMyAdmin 'what'参数本地文件包含漏洞
BUGTRAQ ID: 59462 CVECAN ID: CVE-2013-3240 phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 4.0.0-rc3之前版本的Exprot功能存在目录遍历漏洞,经过身份验证的远程用户通过指定特制导出类型的参数,利用此漏洞可以包含任意文件,导致任意代码执行。 Php script "export.php" line 20: ------------------------ source code start...
Local file inclusion vulnerability.
PMASA-2013-4 Announcement-ID: PMASA-2013-4 Date: 2013-04-24 Summary Local file inclusion vulnerability. Description In the Export feature, a parameter specifying the export type was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability...