Red Hat Bugzilla – Bug 476823
CVE-2008-5587 phpPgAdmin: directory traversal flaw in libraries/lib.inc.php
Last modified: 2009-01-09 03:40:57 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5587 to the following vulnerability:
Directory traversal vulnerability in libraries/lib.inc.php in
phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows
remote attackers to read arbitrary files via a .. (dot dot) in the
_language parameter to index.php.
(no fix there yet, making sure $_language is unset before use should do the
phpPgAdmin-4.2.2-1.fc9 has been submitted as an update for Fedora 9.
phpPgAdmin-4.2.2-1.fc10 has been submitted as an update for Fedora 10.
phpPgAdmin-4.2.2-1.fc8 has been submitted as an update for Fedora 8.
Fixed upstream in 4.2.2.
Already pushed the package(s) to repositories :). I contacted the phpPgAdmin team yesterday, and they provided a quick fix.
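A log check for the request pattern in the CVE description above, as an added example that is not part of this bug report or of phpPgAdmin's code: it flags access-log requests to index.php that carry a `_language` query parameter and separates values containing a `..` path segment from other client-supplied values. The log lines are constructed, and treating any client-supplied `_language` as worth review is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Jan/2009:10:00:01 +0000] "GET /phpPgAdmin/index.php?_language=../../conf/example HTTP/1.1" 200 512
192.0.2.11 - - [08/Jan/2009:10:00:02 +0000] "GET /phpPgAdmin/index.php?_language=..%252f..%252fexample HTTP/1.1" 200 512
192.0.2.12 - - [08/Jan/2009:10:00:03 +0000] "GET /phpPgAdmin/index.php?language=english HTTP/1.1" 200 2048
192.0.2.13 - - [08/Jan/2009:10:00:04 +0000] "GET /phpPgAdmin/index.php?_language=english HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dots and slashes are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return (client, verdict) for a relevant log line, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # Scope taken from the CVE text: the _language parameter to index.php.
    if not url.path.endswith("/index.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != "_language":
            continue
        segments = re.split(r"[/\\]", fully_decode(value))
        if ".." in segments:
            return client, "traversal"
        # Assumption: _language is an internal variable, so any
        # client-supplied value is worth a second look.
        return client, "override"
    return None


def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [r for r in map(classify, log_text.splitlines()) if r]
```

Access logs only record the query string; with register_globals enabled the same variable can also arrive in a POST body or a cookie, which this check does not see.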
phpPgAdmin-4.2.2-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
phpPgAdmin-4.2.2-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
phpPgAdmin-4.2.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: