| VID |
21421 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpMyAdmin package, according to its version number, has multiple vulnerabilities(2). phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the WWW. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields. phpMyAdmin version 2.4.0 through 2.6.0-pl2 are vulnerable to the following issues:
The first issue may allow a remote attacker to execute arbitrary commands on a server that is not running in safe mode. The vulnerability specifically lies in the external MIME-based transformations functionality.
The second issue allows an attacker to disclose arbitrary files residing on a vulnerable server that is not running in safe mode. An attacker requires access to the phpMyAdmin interface to carry out this attack. This issue can be exploited through the 'sql_localfile' parameter of the 'read_dump.php' script and it requires the '$cfg['UploadDir']' directive to be defined on the server.
* Note: This check solely relied on the version number of the remote phpMyAdmin software to assess this vulnerability, so this might be a false positive.
* References:
http://www.securityfocus.com/archive/1/384199
* Platforms Affected:
Tobias Ratschiller, phpMyAdmin 2.4.0 through 2.6.0-pl2
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpMyAdmin (2.6.1-rc1 or later), available from the phpMyAdmin Download Web page at http://www.phpmyadmin.net/home_page/downloads.php |
| Related URL |
CVE-2004-1147,CVE-2004-1148 (CVE) |
| Related URL |
11886 (SecurityFocus) |
| Related URL |
18441,18443 (ISS) |
|
