PHPMyAdmin Multiple Remote File Include Vulnerabilities


admin
02-24-2005, 10:20 PM
http://www.securityfocus.com/bid/12645 (http://www.securityfocus.com/bid/12645/info/)

PLEASE NOTE: This does not affect the version of PhpMyAdmin installed on Hard Hat Hosting's servers. If you have installed any of the versions affected, please upgrade immediately.

The following was reported and is available at
http://www.securityfocus.com/bid/12645

===================================================

phpMyAdmin is affected by multiple remote file include vulnerabilities.
These issues are due to a failure of the application to properly
sanitize user-supplied input prior to using it in a PHP 'include()',
'require()', 'require_once()', or similar function call.

An attacker may leverage these issues to execute arbitrary server-side
script code on an affected computer with the privileges of the Web
server process. This will facilitate unauthorized access.

It should be noted that these issues may also be leveraged to read
arbitrary files on an affected computer with the privileges of the Web
server.

--
[phpsec] Mailing List
Brought to you by php|architect - http://www.phparch.com

For account maintenance, please visit http://www.phparch.com/phpsec
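
The mitigation for the class of flaw the advisory describes (request data reaching `include()`), as an added example that is not part of the original post, the advisory, or phpMyAdmin's code. The helper name `resolve_include`, the file names and the sample inputs are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (generic illustration, NOT phpMyAdmin source):
//   include($_GET['page'] . '.php');   // the request controls the include path

/**
 * Hypothetical helper: map a request-supplied key to a file to include.
 * Returns an absolute path inside $baseDir, or null if the key is rejected.
 */
function resolve_include(string $key, string $baseDir, array $allowlist): ?string
{
    // 1. Only keys present in a fixed server-side map are accepted, so URLs,
    //    "../" sequences and NUL bytes never reach the filesystem layer.
    if (!array_key_exists($key, $allowlist)) {
        return null;
    }
    // 2. Defence in depth: the mapped file must exist and must sit under
    //    $baseDir once symlinks and ".." segments are resolved.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowlist[$key]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory holding one legitimate include file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($base);
file_put_contents($base . '/header.inc.php', "<?php return 'header loaded';\n");
// 'escape' is a deliberately bad map entry to exercise the containment check.
$allow = ['header' => 'header.inc.php', 'escape' => '../outside.php'];

// Constructed inputs: a valid key, a remote URL, a traversal string, a bad entry.
$inputs = ['header', 'http://example.invalid/x.txt', '../../etc/passwd', 'escape'];
foreach ($inputs as $in) {
    $p = resolve_include($in, $base, $allow);
    echo str_pad($in, 32), $p === null ? 'rejected' : 'include -> ' . (include $p), "\n";
}
unlink($base . '/header.inc.php');
rmdir($base);
```

On PHP 5.2 and later, `allow_url_include = Off` in php.ini blocks the remote-URL variant at the interpreter level, but inclusion of local files still depends on a check like the one above.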