Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.6.1 (including) | 2.6.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110929725801154\u0026w=2
- http://secunia.com/advisories/14382/
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1149381\u0026group_id=23067\u0026atid=377408
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1
- http://www.securityfocus.com/bid/12645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19465
- http://marc.info/?l=bugtraq\u0026m=110929725801154\u0026w=2
- http://secunia.com/advisories/14382/
- http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1149381\u0026group_id=23067\u0026atid=377408
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1
- http://www.securityfocus.com/bid/12645
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19465