Hi Dne Thu, 25 Jun 2009 21:59:30 +0200 Olaf van der Spek <olafvds...@gmail.com> napsal(a):
> I've no idea how the phpinfo() ended up in this file, but I've seen it on > multiple servers. Could this be a vulnerability in phpMyAdmin? Yes, it is PMASA-2009-3 http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php > Or some bug in the Debian package? However in Debian, setup script should be password protected by default, so only trusted user has access to it. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
signature.asc
Description: PGP signature