mailing list archives
Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.
From: michal () cihar com
Date: 19 Dec 2005 08:50:18 -0000
There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by
directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated
users, but it's main task of this program and can not be considered as vulnerability.