<<< Date Index >>>     <<< Thread Index >>>

Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.



Hi

There is no vulnerability in this - user needs to be logged in. You can do same 
(without messing SQL injection) by directly passing SQL statements to 
import.php or sql.php. Yes phpMyAdmin allows to execute queries to 
authenticated users, but it's main task of this program and can not be 
considered as vulnerability.

Michal