HTTP: SQL_LOCALFILE Information Disclosure

This signature detects attempts to exploit a SQL_LOCALFILE information disclosure vulnerability in phpMyAdmin versions earlier than 2.6.1-rc1. Because these versions do not properly sanitize input, attackers can remotely access arbitrary files.

Extended Description

phpMyAdmin is reported to be prone to multiple remote vulnerabilities. These issues can allow remote attackers to execute arbitrary commands and disclose files on a vulnerable computer. They result from insufficient sanitization of user-supplied data. The command execution issue is reported to be present since phpMyAdmin 2.6.0-pl2. The file disclosure issue is present since phpMyAdmin 2.4.0.

Affected Products

Phpmyadmin phpmyadmin

Short Name
HTTP:PHP:PHPMYADMIN:LOCALFILE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-1148 Disclosure Infromation SQL_LOCALFILE bid:11886
Release Date
03/09/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Phpmyadmin

Suse

CVSS Score

5.0
