phpMyAdmin < 2.5.6-rc1 Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 2419
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionVersions of phpMyAdmin prior to 2.5.6-rc1 are affected by a file access flaw. It is possible to make the remote phpMyAdmin installation read arbitrary data on the remote host by using a malformed URL. An attacker may use this flaw to read '/etc/passwd' or any file that a web server has the right to access.
SolutionUpgrade to phpMyAdmin 2.5.6-rc1 or higher.