Bugtraq mailing list archives
Re: php codes injection in phpMyAdmin version 2.5.7.
From: Marc Delisle <DelislMa () CollegeSherbrooke qc ca>
Date: 30 Jun 2004 19:43:11 -0000
In-Reply-To: <20040629025752.976.qmail () www securityfocus com>

The Internet, 2004-06-30

Greetings,

The phpMyAdmin development team announces the availability of phpMyAdmin 2.5.7, patch level 1. This version fixes the vulnerability dated 2004-06-29, released on BUGTRAQ.

From our Documentation.html, FAQ 8.2:

"We acknowledge that phpMyAdmin versions 2.5.1 to 2.5.7 are vulnerable to this problem, if each of the following conditions are met:

* The Web server hosting phpMyAdmin is not running in safe mode.
* In config.inc.php, $cfg['LeftFrameLight'] is set to FALSE (the default value of this parameter is TRUE).
* There is no firewall blocking requests from the Web server to the attacking host."

We would like to put emphasis on the disappointment we feel when a bug reporter does not contact the authors of a software first, before posting any exploits. The common way to report this is to give the developers a reasonable amount of time to respond to an exploit before it is made public.

Marc Delisle, for the team.
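An added example, not part of the original message and not phpMyAdmin code: a small audit helper that checks the first two FAQ 8.2 conditions from the text of config.inc.php and php.ini. The function names and both sample inputs are constructed for illustration, and the comment stripping is a simplification that does not parse PHP string literals.

```python
import re

# Constructed sample inputs (not taken from any real installation).
SAMPLE_CONFIG = """<?php
// $cfg['LeftFrameLight'] = TRUE;
$cfg['LeftFrameLight'] = FALSE;  /* changed by admin */
?>"""
SAMPLE_INI = "; constructed php.ini fragment\nsafe_mode = Off\nsafe_mode_gid = On\n"

# Matches e.g.  $cfg['LeftFrameLight'] = FALSE;
ASSIGN = re.compile(r"""\$cfg\[\s*['"]LeftFrameLight['"]\s*\]\s*=\s*([^;]+);""")

def strip_php_comments(src):
    """Drop /* */, // and # comments. Simplification: string literals are not parsed."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(//|#).*", "", src)

def left_frame_light(config_text):
    """Effective value of $cfg['LeftFrameLight']; FAQ 8.2 gives TRUE as the default."""
    value = True
    for m in ASSIGN.finditer(strip_php_comments(config_text)):
        token = m.group(1).strip().strip("'\"").lower()
        value = token not in ("false", "0", "", "null")  # last assignment wins
    return value

def safe_mode_on(php_ini_text):
    """Effective safe_mode from php.ini text; PHP's default is Off."""
    on = False
    for line in php_ini_text.splitlines():
        m = re.match(r"\s*safe_mode\s*=\s*(\S+)", line.split(";", 1)[0], flags=re.I)
        if m:
            on = m.group(1).strip("'\"").lower() in ("1", "on", "true", "yes")
    return on

def faq_conditions_met(config_text, php_ini_text):
    """True when the first two FAQ 8.2 conditions hold. The third (no firewall
    blocking outbound requests from the Web server) cannot be read from config."""
    return not safe_mode_on(php_ini_text) and not left_frame_light(config_text)

if __name__ == "__main__":
    print("LeftFrameLight:", left_frame_light(SAMPLE_CONFIG))
    print("safe_mode on:", safe_mode_on(SAMPLE_INI))
    print("FAQ 8.2 config conditions met:", faq_conditions_met(SAMPLE_CONFIG, SAMPLE_INI))
```

safe_mode can also be set outside php.ini (for example per virtual host with php_admin_flag), so confirm the effective value with phpinfo() on the host itself.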