Bugtraq mailing list archives
Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
From: michal () cihar com
Date: 19 Dec 2005 08:50:18 -0000
Hi There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated users, but it's main task of this program and can not be considered as vulnerability. Michal
Current thread:
- phpMyAdmin server_privileges.php SQL Injection Vulnerabilities. Alice Bryson (Dec 17)
- <Possible follow-ups>
- Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities. michal (Dec 19)