Il Tuesday 25 August 2009 14:12:01 Nico Golde ha scritto: > * Michele Bonera <mich...@bonera.biz> [2009-08-25 13:43]: > > Package: phpmyadmin > > Version: 4:2.9.1.1-11 > > Severity: grave > > Tags: security > > Justification: user security hole > > > > After install, you can access http://{host}/phpmyadmin/scripts/setup.php > > without entering any password. By adding a new host in the configuration, > > an attacker can submit malicius code to execute commands as www-data > > user. > How can an attacker add a new host in the configuration?
Sorry, I meant a new server in the servers list. Cheers, -- Michele Bonera www.bonera.biz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
