Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2632

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2632
Last Modified 05 Sep 2008 04:44:41
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2632

Summary

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

Vulnerable Systems

Application

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.2 Pl1

  • Phpmyadmin 2.5.3

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.6 Rc2

  • Phpmyadmin 2.5.7


References

BID - 10629

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1

OSVDB - 7315

GENTOO - GLSA-200407-22

SECUNIA - 11974

XF - phpmyadmin-code-manipulation(16555)

SECTRACK - 1010614

MISC - http://eagle.kecapi.com/sec/fd/phpMyAdmin.html

BUGTRAQ - 20040630 Re: php codes injection in phpMyAdmin version 2.5.7.

BUGTRAQ - 20040628 php codes injection in phpMyAdmin version 2.5.7.


Last Updated: 27 May 2016 10:39:34