PhpMyAdminPHPMYADMIN:PMASA-2005-9Cross-Site Scripting, local and remote code execution vulnerabilities
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.022 Low
EPSS
Percentile
89.4%
PMASA-2005-9
Announcement-ID: PMASA-2005-9
Date: 2005-12-07
Summary
Cross-Site Scripting, local and remote code execution vulnerabilities
Description
Two days after the release of version 2.7.0, we received a security advisory from Stefan Esser ([email protected]) and we wish to thank him for his work. It is possible to overwrite the global import_blacklist variable to open phpMyAdmin 2.7.0 to those vulnerabilities.
Severity
We consider these vulnerabilities to be serious.
Affected Versions
Only the unpatched 2.7.0 version.
Solution
Upgrade to phpMyAdmin 2.7.0-pl1 or newer.
References
<http://www.hardened-php.net/advisory_252005.110.html>
Assigned CVE ids: CVE-2005-4079
CWE ids: CWE-661 CWE-79 CWE-98 CWE-94
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin | le | 2.7.0 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.022 Low
EPSS
Percentile
89.4%