J-Security Center

Title: phpMyAdmin File Inclusion Arbitrary Command Execution Vulnerability

Severity: HIGH

Description:

phpMyAdmin is a freely available, open source software package maintained by the phpMyAdmin Development Team. It provides a web-based graphical interface for administering MySQL databases.

An input validation flaw in the package allows a remote user to control which file a script includes and executes. This can result in arbitrary command execution on the server and potentially elevated privileges.

The problem lies in the handling of user-supplied input by the sql.php script. The script passes a user-controlled value to a file include without adequately removing directory traversal sequences (dots and slashes), so a remote user can supply values such as "../" and "../../" and escape the directory the include was meant to be confined to.

Because traversal sequences are accepted, the included file may reside anywhere on the file system, not only inside the phpMyAdmin installation. If an attacker can first place a file containing PHP code on the server (for example, through an upload facility), supplying the path to that file causes the code to execute with the permissions of the web server user.
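The following is an added illustration of the flaw class described above and of a sound fix; it is not phpMyAdmin's own code and does not reproduce the exact logic of sql.php. The allowlist contents, the scratch directory and the sample inputs are constructed for the demo.

```php
<?php
// Added illustration, not phpMyAdmin's own code. The allowlist, the scratch
// directory and the sample inputs below are constructed for this demo.

// Vulnerable pattern: the page name comes straight from the request and only
// cosmetic filtering is applied before it reaches include().
function vulnerablePath(string $userPath): string
{
    // A single-pass strip of "../" is bypassable ("....//" becomes "../"
    // after one pass) and absolute paths are never rejected.
    return str_replace('../', '', $userPath);   // include($this) would run it
}

// Hardened form: accept only allowlisted page names, then canonicalise and
// confirm the file still lives under the application directory.
function safePath(string $userPath, string $baseDir, array $allowed): ?string
{
    if (!in_array($userPath, $allowed, true)) {
        return null;                                   // unknown page name
    }
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $target === false) {
        return null;                                   // missing file or dir
    }
    // Containment check on the resolved path (defence in depth; catches
    // symlink tricks that an allowlist on the raw string would not).
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo environment: a scratch directory with one legitimate page.
$baseDir = sys_get_temp_dir() . '/pma_demo_' . getmypid();
mkdir($baseDir, 0700);
file_put_contents($baseDir . '/tbl_properties.php', "<?php echo 'legit';\n");
$allowed = ['main.php', 'tbl_properties.php'];

$inputs = [
    'tbl_properties.php',            // legitimate page
    '../../../../etc/passwd',        // plain traversal
    '....//....//etc/passwd',        // survives the naive strip as ../../etc/passwd
    '/var/www/uploads/evil.php',     // absolute path to an attacker-uploaded file
];
foreach ($inputs as $p) {
    printf("%-30s vulnerable=%-24s safe=%s\n",
        $p,
        vulnerablePath($p),
        safePath($p, $baseDir, $allowed) ?? 'REJECTED');
}

unlink($baseDir . '/tbl_properties.php');
rmdir($baseDir);
```

The point of the comparison is that stripping dots and slashes is the wrong fix: a single-pass filter is defeated by doubled sequences and does nothing about absolute paths. The hardened form never treats the request value as a path at all; it matches it against a fixed set of page names and then verifies the resolved location, so even a file the attacker has managed to upload elsewhere on the system cannot be reached through the include.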

Affected Products:

  • phpMyAdmin phpMyAdmin 2.1.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.