phpMyAdmin Multiple Input Validation Vulnerabilities

phpMyAdmin is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:

It is reported that an attacker can add arbitrary servers to phpMyAdmin. By constructing a URI request for the phpMyAdmin 'left.php' script, an attacker may specify and add an arbitrary SQL server.

A remote attacker may exploit this vulnerability to replace server configurations and, as a result, introduce a malicious SQL server into the phpMyAdmin-controlled server list.

phpMyAdmin is also reported prone to a remote PHP code execution vulnerability. It is reported that a malicious database table name beginning with "'" will escape the quotes in a PHP eval() statement, thereby permitting an attacker to execute arbitrary PHP code.
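
The quoting failure behind the eval() issue, shown as an added illustration that is not phpMyAdmin source code: the function names, the $label variable and both sample table names are hypothetical and constructed for this example. It builds the source string both ways and tokenizes it to check whether the name stayed inside one string literal; nothing is passed to eval().

```php
<?php
// Added illustration; not phpMyAdmin code. All names here are hypothetical.

// Unsafe pattern: the table name is pasted between single quotes in PHP
// source text that would later be handed to eval().
function build_unsafe(string $table): string {
    return "\$label = '" . $table . "';";
}

// Hardened pattern: var_export() emits a valid PHP string literal and
// escapes embedded single quotes and backslashes.
function build_safe(string $table): string {
    return '$label = ' . var_export($table, true) . ';';
}

// Defensive check: tokenize the generated source and confirm it is exactly
// "$label = <one string literal>;" and nothing else.
function is_single_literal_assignment(string $code): bool {
    try {
        $tokens = token_get_all('<?php ' . $code, TOKEN_PARSE);
    } catch (ParseError $e) {
        return false; // generated source is not even valid PHP
    }
    $kinds = [];
    foreach ($tokens as $t) {
        if (is_array($t)) {
            if ($t[0] === T_OPEN_TAG || $t[0] === T_WHITESPACE) {
                continue;
            }
            $kinds[] = $t[0];
        } else {
            $kinds[] = $t; // single-character tokens such as '=' and ';'
        }
    }
    return $kinds === [T_VARIABLE, '=', T_CONSTANT_ENCAPSED_STRING, ';'];
}

// Constructed sample names: one ordinary, one beginning with a single quote.
foreach (['orders', "' . phpversion() . '"] as $name) {
    $variants = ['unsafe' => build_unsafe($name), 'safe' => build_safe($name)];
    foreach ($variants as $kind => $code) {
        $verdict = is_single_literal_assignment($code) ? 'literal only' : 'NAME ESCAPES THE LITERAL';
        printf("%-6s %-40s %s\n", $kind, $code, $verdict);
    }
}
```

Only the unsafe build of the quote-leading name fails the check. Passing the name as data and dropping eval() altogether removes the problem class rather than relying on escaping.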


 

Copyright 2010, SecurityFocus