[ppa-help] [ phppgadmin-Bugs-1246188 ] phpPgAdmin "formLanguage" Local File Inclusion Vulnerability

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bugs item #1246188, was opened at 2005-07-27 10:24
Message generated for change (Settings changed) made by coltzhao
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=418980&aid=1246188&group_id=37132

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: coltzhao (coltzhao)
Assigned to: Nobody/Anonymous (nobody)
>Summary: phpPgAdmin "formLanguage" Local File Inclusion Vulnerability

Initial Comment:
From http://secunia.com/advisories/15941/

A vulnerability has been reported in phpPgAdmin, which
can be exploited by malicious people to disclose
sensitive information.

Input passed to the "formLanguage" parameter in
"index.php" isn't properly verified, before it is used
to include files. This can be exploited to include
arbitrary files from local resources.

Successful exploitation requires that
"magic_quotes_gpc" is disabled.

The vulnerability has been confirmed in version 3.5.3.
Prior versions may also be affected.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=418980&aid=1246188&group_id=37132