Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2630

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2630
Last Modified 05 Sep 2008 04:44:40
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2630

Summary

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Vulnerable Systems

Application

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.2 Pl1

  • Phpmyadmin 2.5.3

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.6 Rc2

  • Phpmyadmin 2.5.7

  • Phpmyadmin 2.5.7 Pl1

  • Phpmyadmin 2.6.0 Pl1


References

XF - phpmyadmin-command-execution(17698)

BID - 11391

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-2

GENTOO - GLSA-200410-14

SECTRACK - 1011761

SECUNIA - 12859

SECUNIA - 12813

FULLDISC - 20041018: phpMyAdmin: Vulnerability in MIME-based transformation

BUGTRAQ - 20041018 phpMyAdmin: Vulnerability in MIME-based transformation

OSVDB - 10715


Last Updated: 27 May 2016 10:39:34