FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Remote code injection in phpMyAdmin

Affected packages
		phpMyAdmin	<	2.5.7.1

Details

VuXML ID	0d4c31ac-cb91-11d8-8898-000d6111a684
Discovery	2004-06-29
Entry	2004-07-02
Modified	2004-09-28

This vulnerability would allow remote user to inject PHP code to be executed by eval() function. This vulnerability is only exploitable if variable $cfg['LeftFrameLight'] is set to FALSE (in file config.inc.php).

References

Message	20040629025752.976.qmail@www.securityfocus.com
URL	http://eagle.kecapi.com/sec/fd/phpMyAdmin.html
URL	http://secunia.com/advisories/11974
URL	http://sf.net/forum/forum.php?forum_id=387635