phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)

According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...

Global variable scope injection.

PMASA-2013-7 Announcement-ID: PMASA-2013-7 Date: 2013-06-30 Updated: 2013-07-01 Summary Global variable scope injection. Description The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. Severity We consider this...

phpMyAdmin -- Global variable scope injection

The phpMyAdmin development team reports: The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents...

Docebo GLOBALS Variable Overwrite Vulnerability (Aug 2008)

Docebo is prone to vulnerable remote and local file inclusion vulnerabilities. SPDX-FileCopyrightText: 2008 Ferdy Riphagen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Original...

Directory traversal

Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the 1 GLOBALSdatabasemodule or 2 GLOBALSlanguagemodule parameters, which overwrite the underlying $GLOBALS variable...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...

Mambo Open Source / Joomla! GLOBALS Variable Remote File Include

The version of Mambo Open Source or Joomla! running on the remote host is affected by a remote file include vulnerability due to allowing the the GLOBALS variable array to be overwritten whenever the PHP 'registerglobals' setting is disabled. An unauthenticated, remote attacker can exploit this...

CVE-2004-1937

Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in 1 the userlangue parameter to index.php or 2 the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be...