phpMyAdmin Theme Variable Local File Inclusion Vulnerability

info
discussion
exploit
solution
references

phpMyAdmin Theme Variable Local File Inclusion Vulnerability

phpMyAdmin is prone to a local file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable.