Vulnerability Name: CVE-2005-0544 (CCN-19465)
Assigned: 2005-02-24
Published: 2005-02-24
Updated: 2008-09-05
Summary: phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2005-0544
Source: MITRE Type: CNA CVE-2005-0567
Source: CCN Type: SA14382 phpMyAdmin Local File Inclusion and Cross-Site Scripting
Source: SECUNIA Type: Patch, Vendor Advisory 14382
Source: CONFIRM Type: Vendor Advisory http://sourceforge.net/tracker/index.php?func=detail&aid=1149383&group_id=23067&atid=377408
Source: CCN Type: GLSA-200503-07 phpMyAdmin: Multiple vulnerabilities
Source: GENTOO Type: Patch, Vendor Advisory GLSA-200503-07
Source: CCN Type: OSVDB ID: 14094 phpMyAdmin phpmyadmin.css.php Remote File Inclusion
Source: CCN Type: OSVDB ID: 14095 phpMyAdmin database_interface.lib.php Local File Inclusion
Source: CCN Type: OSVDB ID: 14374 phpMyAdmin /libraries/sqlvalidator.lib.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14376 phpMyAdmin /libraries/select_theme.lib.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14378 phpMyAdmin /libraries/relation_cleanup.lib.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14379 phpMyAdmin /libraries/header_meta_style.inc.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14380 phpMyAdmin get_foreign.lib.php Path Disclosure
Source: CCN Type: OSVDB ID: 14381 phpMyAdmin display_tbl_links.lib.php Multiple Variable Path Disclosure
Source: CCN Type: OSVDB ID: 14382 phpMyAdmin /libraries/display_export.lib.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14384 phpMyAdmin charset_conversion.lib.php Path Disclosure
Source: CCN Type: OSVDB ID: 14385 phpMyAdmin /libraries/fpdf/ufpdf.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 14386 phpMyAdmin mysqli.dbi.lib.php Path Disclosure
Source: CCN Type: OSVDB ID: 14387 phpMyAdmin setup.php Path Disclosure
Source: CCN Type: OSVDB ID: 14388 phpMyAdmin cookie.auth.lib.php Path Disclosure
Source: CCN Type: OSVDB ID: 8500 phpMyAdmin /libraries/sqlparser.lib.php Direct Request Path Disclosure
Source: CCN Type: OSVDB ID: 8501 phpMyAdmin /libraries/db_table_exists.lib.php Direct Request Path Disclosure
Source: CCN Type: phpMyAdmin Download Web page phpMyAdmin > Downloads | MySQL Database Administration Tool | www.phpmyadmin.net
Source: CCN Type: BID-12645 PHPMyAdmin Multiple Local File Include Vulnerabilities
Source: XF Type: UNKNOWN phpmyadmin-file-include(19465)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: