|
|
CVE Reference: CVE-2006-6943 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-6943 |
|
|
Description: PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. |
|
|
CVE Status: Candidate |
|
|
References: CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8 BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=116370414309444&w=2 BID 21137 |
|
| Return to the previous page. |
