Mysql의 관리를 웹상에서 편리하게 할수 있게 해주는 프로그램인 phpmyadmin의 보안 버그가 발견되었습니다. 이하버전에 취약점이 존재한다고 하니 phpmyadmin을 사용하시는 분들은 업그레이드를 하시는것이

출처 :

phpMyAdmin security announcement PMASA-2008-3

Announcement-ID: PMASA-2008-3
Date: 2008-04-22
Updated: 2008-04-27

File disclosure on shared hosts via a crafted HTTP POST request.

We received an advisory from Cezary Tomczak, and we wish to thank him for his work.

It is possible to read the contents of any file that the web server's user can access.

The exact mechanism to achieve this won't be disclosed.

We consider this vulnerability to be serious.

Mitigation factor:

If a user can upload on the same host where phpMyAdmin is running, a PHP script that can read files with

the rights of the web server's user, the current advisory does not describe an additional threat.

Affected versions:
Versions before

Upgrade to phpMyAdmin or newer.

Cezary Tomczak's advisory
Revision 11205
Revision 11211

관련링크 :

+ Recent posts