| VID |
21244 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpMyAdmin package installed on the Web server has multiple vulnerabilities. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, and manage keys on fields. The phpMyAdmin package has the following problems:
- It allows remote attackers to obtain knowledge about the physical path of phpMyAdmin.
- It allows remote attackers to steal the cookies of users via cross-site scripting.
- It allows remote attackers to list the content of arbitrary directories on the affected server.
* References: http://www.securityfocus.com/archive/1/325641
* Platforms Affected: phpMyAdmin 2.5.1 and earlier; Windows: any version; UNIX/Linux: any version |
| Recommendation |
No upgrade available as of June 2003. We recommend not using the package until a patch or an upgrade is released. phpMyAdmin is available from http://www.phpmyadmin.net/ |
| Related URL |
(CVE) |
| Related URL |
7965,7964,7963,7962 (SecurityFocus) |
| Related URL |
(ISS) |
|