Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200412-19
HistoryDec 19, 2004 - 12:00 a.m.

phpMyAdmin: Multiple vulnerabilities

2004-12-1900:00:00
Gentoo Foundation
security.gentoo.org
20

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.0%

JSON

Background

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser.

Description

Nicolas Gregoire (exaprobe.com) has discovered two vulnerabilities that exist only on a webserver where PHP safe_mode is off. These vulnerabilities could lead to command execution or file disclosure.

Impact

On a system where external MIME-based transformations are enabled, an attacker can insert offensive values in MySQL, which would start a shell when the data is browsed. On a system where the UploadDir is enabled, read_dump.php could use the unsanitized sql_localfile variable to disclose a file.

Workaround

You can temporarily enable PHP safe_mode or disable external MIME-based transformation AND disable the UploadDir. But instead, we strongly advise to update your version to 2.6.1_rc1.

Resolution

All phpMyAdmin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.1_rc1"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-db/phpmyadmin< 2.6.1_rc1UNKNOWN

Related

openvas 6
nessus 4
securityvulns 1
phpmyadmin 1
debiancve 2
freebsd 2
cve 2
openvas
openvas
Gentoo Security Advisory GLSA 200412-19 (phpmyadmin)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200412-19 (phpmyadmin)
2008-09-24 00:00:00
FreeBSD Ports: phpMyAdmin
2008-09-04 00:00:00
nessus
nessus
GLSA-200412-19 : phpMyAdmin: Multiple vulnerabilities
2004-12-20 00:00:00
phpMyAdmin < 2.6.1-rc1 Multiple Remote Vulnerabilities
2004-12-13 00:00:00
FreeBSD : phpmyadmin -- command execution vulnerability (0ff0e9a6-4ee0-11d9-a9e7-0001020eed82)
2005-07-13 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in phpMyAdmin
2004-12-15 00:00:00
phpmyadmin
phpmyadmin
Two vulnerabilities were found in phpMyAdmin, that may allow command execution and file disclosure.
2004-12-13 00:00:00
debiancve
debiancve
CVE-2004-1147
2005-01-10 05:00:00
CVE-2004-1148
2005-01-10 05:00:00
freebsd
freebsd
phpmyadmin -- command execution vulnerability
2004-12-13 00:00:00
phpmyadmin -- file disclosure vulnerability
2004-12-13 00:00:00
cve
cve
CVE-2004-1147
2005-01-10 05:00:00
CVE-2004-1148
2005-01-10 05:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.0%

JSON
Related for GLSA-200412-19
openvas6nessus4securityvulns1phpmyadmin1debiancve2freebsd2cve2