phpMyAdmin 2.x - Information Disclosure

Author: Lorenzo Manuel Hernandez Garcia-Hierro
type: webapps
platform: php
port: 
date_added: 2003-06-18 
date_updated: 2012-11-18 
verified: 1 
codes: OSVDB-8450 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7963/info

A vulnerability has been reported for phpMyAdmin that may reveal the contents of directories to remote attackers. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, dot-dot-slash '../' directory traversal sequences are not sufficiently sanitized from URI parameters.

http://localhost/mysql/db_details_importdocsql.php?submit_show=true&do=import&docpath=[../../../]