Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0567

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0567
Last Modified 05 Sep 2008 04:46:39
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0567

Summary

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

Vulnerable Systems

Application

  • Phpmyadmin 2.6.1


References

XF - phpmyadmin-file-include(19465)

BID - 12645

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408

SECUNIA - 14382

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1

BUGTRAQ - 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4


Last Updated: 27 May 2016 10:39:50