Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
From: michal@xxxxxxxxx
Date: 19 Dec 2005 08:50:18 -0000

Hi

There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated users, but it's main task of this program and can not be considered as vulnerability.

Michal

Prev by Date: [ GLSA 200512-10 ] Opera: Command-line URL shell command injection
Next by Date: Authenticated EIGRP DoS / Information leak
Previous by thread: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
Next by thread: ZRCSA-200505: libremail - "pop.c" Format String Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux