Hi,
Upstream's response for this:
| phpMyAdmin's team answer to vulnerability announcement
| of Dec 17, 2005
| [ http://www.securityfocus.com/archive/1/419709/30/0/threaded ]
|
| We don't think that this is a real threat. The server_privileges.php
| script checks at the beginning if the user is privileged. So, for this
| attack to work, the victim's phpMyAdmin installation would have to be
| set as to allow any user to auto-login as a privileged user! If this is
| the case, this phpMyAdmin installation is wide open and this situation
| has to be fixed by the person who configured phpMyAdmin.
|
| Marc Delisle, for the team
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
