| Vulnerability Name: | CVE-2005-0567 (CCN-19465) | ||||||||
| Assigned: | 2005-02-24 | ||||||||
| Published: | 2005-02-24 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0544 Source: MITRE Type: CNA CVE-2005-0567 Source: BUGTRAQ Type: UNKNOWN 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4 Source: CCN Type: SA14382 phpMyAdmin Local File Inclusion and Cross-Site Scripting Source: SECUNIA Type: Patch, Vendor Advisory 14382 Source: CONFIRM Type: Patch http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408 Source: CCN Type: GLSA-200503-07 phpMyAdmin: Multiple vulnerabilities Source: CCN Type: OSVDB ID: 14094 phpMyAdmin phpmyadmin.css.php Remote File Inclusion Source: CCN Type: OSVDB ID: 14095 phpMyAdmin database_interface.lib.php Local File Inclusion Source: CCN Type: OSVDB ID: 14374 phpMyAdmin /libraries/sqlvalidator.lib.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14376 phpMyAdmin /libraries/select_theme.lib.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14378 phpMyAdmin /libraries/relation_cleanup.lib.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14379 phpMyAdmin /libraries/header_meta_style.inc.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14380 phpMyAdmin get_foreign.lib.php Path Disclosure Source: CCN Type: OSVDB ID: 14381 phpMyAdmin display_tbl_links.lib.php Multiple Variable Path Disclosure Source: CCN Type: OSVDB ID: 14382 phpMyAdmin /libraries/display_export.lib.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14384 phpMyAdmin charset_conversion.lib.php Path Disclosure Source: CCN Type: OSVDB ID: 14385 phpMyAdmin /libraries/fpdf/ufpdf.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 14386 phpMyAdmin mysqli.dbi.lib.php Path Disclosure Source: CCN Type: OSVDB ID: 14387 phpMyAdmin setup.php Path Disclosure Source: CCN Type: OSVDB ID: 14388 phpMyAdmin cookie.auth.lib.php Path Disclosure Source: CCN Type: OSVDB ID: 8500 phpMyAdmin /libraries/sqlparser.lib.php Direct Request Path Disclosure Source: CCN Type: OSVDB ID: 8501 phpMyAdmin /libraries/db_table_exists.lib.php Direct Request Path Disclosure Source: CCN Type: phpMyAdmin Download Web page phpMyAdmin > Downloads | MySQL Database Administration Tool | www.phpmyadmin.net Source: CONFIRM Type: Vendor Advisory http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1 Source: BID Type: Patch 12645 Source: CCN Type: BID-12645 PHPMyAdmin Multiple Local File Include Vulnerabilities Source: XF Type: UNKNOWN phpmyadmin-file-include(19465) Source: XF Type: UNKNOWN phpmyadmin-file-include(19465) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||