| VID |
21377 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpMyAdmin, according to its version number, has a remote command execution vulnerability. phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields.
phpMyAdmin versions 2.x prior to 2.6.0-pl2 could allow a remote attacker to execute arbitrary commands on the system. This vulnerability likely arises due to insufficient sanitization of user-supplied data.
* Note: This check solely relied on the version number of the remote phpMyAdmin software to assess this vulnerability, so this might be a false positive. And if the safe mode has been enabled on the system, please ignore this alert.
* References:
http://secunia.com/advisories/12813/
* Platforms Affected:
Tobias Ratschiller, phpMyAdmin 2.x prior to 2.6.0-pl2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpMyAdmin (2.6.0-pl2 or later), available from the Project Official Web site at http://www.phpmyadmin.net/home_page/ |
| Related URL |
CVE-2004-2630 (CVE) |
| Related URL |
11391 (SecurityFocus) |
| Related URL |
17698 (ISS) |
|
