phpmyadmin Version 2.6.4 patch level 2 released [10.11.2005] Date: Wednesday, October 12 @ 15:31:08 CEST Topic: Security phpmyadmin Version 2.6.4 patch level 2 released [10.11.2005] due to serious vulnerability we came up with the new patch level. see the PMASA-2005-4 here Summary: Local file inclusion vulnerability Description: In libraries/grab_globals.lib.php, the $__redirect parameter was not correctly validated, opening the door to a local file inclusion attack. Severity: We consider this vulnerability to be serious. However, it can be exploited only on systems not running in PHP safe mode (unless a deliberate hole was opened by including in open_basedir some paths containing sensitive data). Affected versions: phpMyAdmin versions 2.6.4 and 2.6.4-pl1. Solution: Upgrade to phpMyAdmin 2.6.4-pl2 or newer. see the featurelist This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=4807