phpMyAdmin file include

phpmyadmin-file-include (19465) The risk level is classified as MediumMedium Risk


phpMyAdmin could allow a remote attacker to include arbitrary files. If magic_quotes_gpc is disabled and register_globals is enabled, a remote attacker could send a specially-crafted URL to the phpmyadmin.css.php script that uses the GLOBALS[cfg][ThemePath] parameter or to the database_interface.lib.php script that uses the cfg[Server][extension] parameter to specify a malicious file from the local system, which would allow the attacker to execute code on the vulnerable system with privileges of the vulnerable system.


Gain Access


Upgrade to the latest version of phpMyAdmin (2.6.1-pl1 or later), available from the phpMyAdmin Download Web page. See References.

For Gentoo Linux:
Upgrade to the latest version of phpMyAdmin (2.6.1_p2-r1 or later), as listed in GLSA200503-07. See References.

For other distributions:
Contact your vendor for upgrade or patch information.


  • phpMyAdmin Download Web page: phpMyAdmin > Downloads | MySQL Database Administration Tool |
  • BID-12645: PHPMyAdmin Multiple Local File Include Vulnerabilities
  • CVE-2005-0544: phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6), (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
  • CVE-2005-0567: Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
  • GLSA-200503-07: phpMyAdmin: Multiple vulnerabilities
  • OSVDB ID: 14094: phpMyAdmin phpmyadmin.css.php Remote File Inclusion
  • OSVDB ID: 14095: phpMyAdmin database_interface.lib.php Local File Inclusion
  • OSVDB ID: 14374: phpMyAdmin /libraries/sqlvalidator.lib.php Direct Request Path Disclosure
  • OSVDB ID: 14376: phpMyAdmin /libraries/select_theme.lib.php Direct Request Path Disclosure
  • OSVDB ID: 14378: phpMyAdmin /libraries/relation_cleanup.lib.php Direct Request Path Disclosure
  • OSVDB ID: 14379: phpMyAdmin /libraries/ Direct Request Path Disclosure
  • OSVDB ID: 14380: phpMyAdmin get_foreign.lib.php Path Disclosure
  • OSVDB ID: 14381: phpMyAdmin display_tbl_links.lib.php Multiple Variable Path Disclosure
  • OSVDB ID: 14382: phpMyAdmin /libraries/display_export.lib.php Direct Request Path Disclosure
  • OSVDB ID: 14384: phpMyAdmin charset_conversion.lib.php Path Disclosure
  • OSVDB ID: 14385: phpMyAdmin /libraries/fpdf/ufpdf.php Direct Request Path Disclosure
  • OSVDB ID: 14386: phpMyAdmin mysqli.dbi.lib.php Path Disclosure
  • OSVDB ID: 14387: phpMyAdmin setup.php Path Disclosure
  • OSVDB ID: 14388: phpMyAdmin cookie.auth.lib.php Path Disclosure
  • OSVDB ID: 8500: phpMyAdmin /libraries/sqlparser.lib.php Direct Request Path Disclosure
  • OSVDB ID: 8501: phpMyAdmin /libraries/db_table_exists.lib.php Direct Request Path Disclosure
  • SA14382: phpMyAdmin Local File Inclusion and Cross-Site Scripting

Platforms Affected:

  • Gentoo Linux
  • phpMyAdmin phpMyAdmin 2.6.1


Feb 24, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page