Announcement-ID: PMASA-2006-8
Date: 2006-11-17
Path disclosure vulnerability
We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters.
We consider this vulnerability to be serious.
Probably all versions to 2.9.1.
Upgrade to phpMyAdmin 2.9.1.1 or newer.
Assigned CVE ids: CVE-2006-6374
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.