https://www.securityfocus.com/bid/90236
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-043

phpMyAdmin2.6.1允许远程攻击者通过对(1)sqlvalidator.lib.php，(2)sqlparser.lib.php，(3)select_theme.lib.php，(4)select_lang.lib.php，(5)relation_cleanup.lib.php，(6)header_meta_style.inc.php，(7)get_foreign.lib.php，(8)display_tbl_links.lib.php，(9)display_export.lib.php，(10)db_table_exists.lib.php，(11)charset_conversion.lib.php，(12)ufpdf.php，(13)mysqli.dbi.lib.php，(14)setup.php或(15)cookie.auth.lib.php的直接请求来获取服务器的完整路径，从而在PHP出错消息中透露路径。

phpMyAdmin phpMyAdmin 2.6.1

来源:GENTOO
名称:GLSA-200503-07
链接:http://www.gentoo.org/security/en/glsa/glsa-200503-07.xml
来源:SECUNIA
名称:14382
链接:http://secunia.com/advisories/14382
来源:sourceforge.net
链接:http://sourceforge.net/tracker/index.php?func=detail&aid;=1149383&group;_id=23067&atid;=377408