From: SourceForge.net <no...@so...> - 2005-07-27 17:24:50
|
Bugs item #1246188, was opened at 2005-07-27 10:24 Message generated for change (Settings changed) made by coltzhao You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=418980&aid=1246188&group_id=37132 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: coltzhao (coltzhao) Assigned to: Nobody/Anonymous (nobody) >Summary: phpPgAdmin "formLanguage" Local File Inclusion Vulnerability Initial Comment: From http://secunia.com/advisories/15941/ A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed to the "formLanguage" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability has been confirmed in version 3.5.3. Prior versions may also be affected. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=418980&aid=1246188&group_id=37132 |