phpPgAdmin 4.2.1 - '_language' Local File Inclusion CVE-2008-5587 Scanner Detail
In phpPgAdmin 4.2.1, there is Local File Inclusion vulnerability.
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Some Advice for Common Problems
- You need to apply related fixes.
- Sanitize all parameters received as input from the user.