Menu
▾
▴
#2604 (ok 2.11.4) Fatal error reveals the absolute path
from the irc channel:
rsc (n=robert@fedora/rsc) has joined #phpmyadmin
<rsc> btw, why is CVE-2007-0095 not fixed since 2.9.1.1?
<rsc> http://pma.cihar.com/themes/darkblue_orange/layout.inc.php <- CVE-2007-0095 is still unfixed.
(Robert seems to be the Fedora phpMyAdmin maintainer)
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0095
result when called directly:
Fatal error: Call to a member function getImgPath() on a non-object in
C:\PMA\QA211\themes\darkblue_orange\layout.inc.php
on line 75 (also confirmed on the demo server)
my suggested simple fix for themes/darkblue_orange/layout.inc.php:
<?php
// or after the header comment
if(empty($_SESSION['PMA_Theme'])) {
exit;
}
just my .02 €
Jürgen
Logged In: YES
user_id=203809
Originator: NO
See also https://bugzilla.redhat.com/show_bug.cgi?id=221694 for example, where another patch lives which seems okay for Michal Cihar.
Logged In: YES
user_id=210714
Originator: NO
A patch for this minor security problem will be merged for 2.11.4.
Logged In: YES
user_id=210714
Originator: NO
Please, for security issue, use the "Private" checkbox.
Logged In: YES
user_id=326580
Originator: NO
so this is ok for 2.11.4 ?
Logged In: YES
user_id=210714
Originator: NO
Yes, I would merge Juergen's patch just before releasing 2.11.4 (or 2.11.4-rc1).
Logged In: YES
user_id=210714
Originator: NO
Patch:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/themes/darkblue_orange/layout.inc.php?r1=11036&r2=11035&view=patch&pathrev=11036