Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2631

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2631
Last Modified 05 Sep 2008 04:44:40
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2631

Summary

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

Vulnerable Systems

Application

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.2 Pl1

  • Phpmyadmin 2.5.3

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.6 Rc2

  • Phpmyadmin 2.5.7


References

XF - phpmyadmin-php-injection(16542)

BID - 10629

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1

OSVDB - 7314

SECUNIA - 11974

BUGTRAQ - 20041018 phpMyAdmin: Vulnerability in MIME-based transformation

MISC - http://www.securiteam.com/unixfocus/5QP040ADFW.html

GENTOO - GLSA-200407-22

SECTRACK - 1010614

MISC - http://eagle.kecapi.com/sec/fd/phpMyAdmin.html

BUGTRAQ - 20040630 Re: php codes injection in phpMyAdmin version 2.5.7.

BUGTRAQ - 20040628 php codes injection in phpMyAdmin version 2.5.7.


Last Updated: 27 May 2016 10:39:34