phpMyAdmin file include

phpmyadmin-file-include (19465) The risk level is classified as Medium Risk

Description:

phpMyAdmin could allow a remote attacker to include arbitrary files. If magic_quotes_gpc is disabled and register_globals is enabled, a remote attacker could send a specially-crafted URL to the phpmyadmin.css.php script, which uses the GLOBALS[cfg][ThemePath] parameter, or to the database_interface.lib.php script, which uses the cfg[Server][extension] parameter, to specify a malicious file on the local system. This would allow the attacker to execute code on the vulnerable system with the privileges of the vulnerable system.
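The root cause described above is that, with register_globals on, request parameters can pre-populate the `$cfg` array before the application assigns it, so a path later passed to `include` is attacker-controlled. The following is an added illustration, not phpMyAdmin's own code: a hypothetical theme loader that initializes its configuration explicitly, fails closed when register_globals is still enabled, and restricts the theme name to a fixed root before including anything. The file name `theme.css.php` and the `theme` query parameter are assumptions for the example.

```php
<?php
// Added illustration (not phpMyAdmin's code): theme-path resolution that does
// not trust any value register_globals might have injected into $cfg.

// 1. Initialize configuration explicitly after the request starts, so a request
//    variable such as GLOBALS[cfg][ThemePath] cannot pre-populate it.
$cfg = array();
$cfg['ThemePath'] = __DIR__ . '/themes';   // fixed by the application, never by input

// 2. Fail closed if the deployment still has the dangerous setting turned on.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('register_globals must be disabled');
}

/**
 * Resolve a user-supplied theme name to a stylesheet inside $themeRoot.
 * Returns the absolute path, or null if the name is not a plain directory name
 * or the resolved file lies outside the theme root.
 */
function resolveThemePath(string $themeRoot, string $theme): ?string
{
    // Accept only a bare directory name: no slashes, dots, NUL bytes or URLs.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $theme)) {
        return null;
    }
    $root = realpath($themeRoot);
    $path = realpath($themeRoot . '/' . $theme . '/theme.css.php');
    // realpath() is false for missing files; also confirm containment in $root.
    if ($root === false || $path === false
        || strncmp($path, $root . '/', strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

$theme = isset($_GET['theme']) ? (string) $_GET['theme'] : 'original';
$file  = resolveThemePath($cfg['ThemePath'], $theme);
if ($file === null) {
    http_response_code(400);
    exit('unknown theme');
}
include $file;   // only ever a file under the fixed theme root
```

The containment check matters even with a strict name pattern: it also rejects a theme directory that has been replaced by a symbolic link pointing outside the theme root.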

Platforms Affected:

  • Gentoo Linux
  • phpMyAdmin 2.6.1

Remedy:

Upgrade to the latest version of phpMyAdmin (2.6.1-pl1 or later), available from the phpMyAdmin Download Web page. See References.

For Gentoo Linux:
Upgrade to the latest version of phpMyAdmin (2.6.1_p2-r1 or later), as listed in GLSA-200503-07. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

  • phpMyAdmin Download Web page: phpMyAdmin > Downloads | MySQL Database Administration Tool, http://www.phpmyadmin.net/home_page/downloads.php
  • BID-12645: PHPMyAdmin Multiple Local File Include Vulnerabilities
  • CVE-2005-0544: phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
  • CVE-2005-0567: Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
  • GLSA-200503-07: phpMyAdmin: Multiple vulnerabilities
  • SA14382: phpMyAdmin Local File Inclusion and Cross-Site Scripting

Reported:

Feb 24, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
