Attackers could read arbitrary files due to a directory traversal vulnerability in phpPgAdmin (CVE-2008-5587).

This release fixes some bugs, and also fixes a security issue: * Fix bug where long SQL queries get truncated * Fix createFunction method on PostgreSQL < 7.3 * Fix bug with alter schema in PostgreSQL < 7.4 * Remove alter domain for PostgreSQL < 7.4 * Fix local file inclusion vulnerability: (CVE-2008-5587) http://www.securityfocus.com/bid/32670/ Unset language variable before determine file includes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-2865     Cross-site scripting vulnerability allows remote     attackers to inject arbitrary web script or HTML via the     server parameter.

  - CVE-2007-5728     Cross-site scripting vulnerability allows remote     attackers to inject arbitrary web script or HTML via     PHP_SELF.

  - CVE-2008-5587     Directory traversal vulnerability allows remote     attackers to read arbitrary files via _language     parameter.

Secunia reports :

Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.

Input passed via the '_language' parameter to libraries/lib.inc.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The remote host is running phpPgAdmin, a web-based administration tool for PostgreSQL. 

The installed version of phpPgAdmin fails to filter user-supplied input to the '_language' parameter before using it to include PHP code in 'libraries/lib.inc.php'.  Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to leverage this issue to view arbitrary files or possibly to execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.

update to 5.0.4, fix for bnc#754694 (CVE-2012-1600)

ID	Name	Product	Family	Published	Updated	Severity
40297	openSUSE Security Update : phpPgAdmin (phpPgAdmin-503)	Nessus	SuSE Local Security Checks	7/21/2009	1/14/2021	medium
35682	openSUSE 10 Security Update : phpPgAdmin (phpPgAdmin-5984)	Nessus	SuSE Local Security Checks	2/13/2009	1/14/2021	medium
36894	Fedora 10 : phpPgAdmin-4.2.2-1.fc10 (2008-11564)	Nessus	Fedora Local Security Checks	4/23/2009	1/11/2021	medium
35276	Debian DSA-1693-2 : phppgadmin - several vulnerabilities	Nessus	Debian Local Security Checks	12/29/2008	1/4/2021	high
35937	FreeBSD : phppgadmin -- directory traversal with register_globals enabled (4ce3c20b-124b-11de-a964-0030843d3802)	Nessus	FreeBSD Local Security Checks	3/17/2009	1/6/2021	medium
35060	phpPgAdmin index.php _language Parameter Local File Inclusion	Nessus	CGI abuses	12/8/2008	4/11/2022	medium
35234	Fedora 8 : phpPgAdmin-4.2.2-1.fc8 (2008-11576)	Nessus	Fedora Local Security Checks	12/21/2008	1/11/2021	medium
35239	Fedora 9 : phpPgAdmin-4.2.2-1.fc9 (2008-11602)	Nessus	Fedora Local Security Checks	12/21/2008	1/11/2021	medium
40109	openSUSE Security Update : phpPgAdmin (phpPgAdmin-503)	Nessus	SuSE Local Security Checks	7/21/2009	1/14/2021	medium
74596	openSUSE Security Update : phpPgAdmin (openSUSE-SU-2012:0493-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	medium

Detections

Analytics

Plugins Search

medium

medium

medium

high

medium

medium

medium

medium

medium

medium