(SRADV00008) Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin

================================================= Secure Reality Pty Ltd. Security Advisory 8 SRADV00008 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 2/7/2001 Vulnerable -...

phpMyAdmin 2.1.0 + world readable (apache) log files enable remote user to run arbitrary PHP Codes as apache user.

Note : sorry for my pity english. First of all, i want to ask a question, is it normal that if, in a MySQL query -via PHP-, i put "select from $table" . "files where ID=1" and i post table="atable ", MySQL consider the new query as a valid one so the final query will be "select from atable" ? It'...

CVE-2001-0478

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. dot dot in an argument to the sql.php script...

CVE-2001-0478

CVE-2001-0478 affects phpMyAdmin 2.2.0 and earlier. The vulnerability is a directory traversal in the sql.php parameter that allows a remote attacker to execute arbitrary code by supplying a .. path segment. Several sources corroborate arbitrary code execution or arbitrary file access via sql.php...

CVE-2001-0478

Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. dot dot in an argument to the sql.php script...

(SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1

================================================= Secure Reality Pty Ltd. Security Pre-Advisory 1 SRPRE00001 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 23/4/2001 This is a...