Apparently phpMyAdmin has a file disclosure problem too, check these two bugs: https://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408 (file disclosure via php include) https://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408 (pathname disclosure of installation) Both rely on attackers overwriting the phpMyAdmin configuration using CGI parameters. Final fix is apparently in CVS at phpMyAdmin: http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/libraries/grab_globals.lib.php?r1=2.5&r2=2.5.4.3
Those bugs are in the Secunia thing already, and fixed in 2.6.1-pl2 *** This bug has been marked as a duplicate of 83190 ***
