Upstream: phpMyAdmin
Announcement-ID: PMASA-2008-3
Date: 2008-04-22
Summary: File disclosure on shared hosts via a crafted HTML.
Description: Upstream received an advisory from Cezary Tomczak, and we wish to thank him for his work. It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed.
Severity: Upstream considers this vulnerability to be serious.
Mitigation factor: If a user can upload on the same host where phpMyAdmin is running, a PHP script that can read files with the rights of the web server's user, the current advisory does not describe an additional threat.
Affected versions: Versions before 2.11.5.2.
Solution: Upgrade to phpMyAdmin 2.11.5.2 or newer.
References: Revision 11205
phpMyAdmin-2.11.5.2-1.fc7 has been submitted as an update for Fedora 7
phpMyAdmin-2.11.5.2-1.fc8 has been submitted as an update for Fedora 8