CVE-2004-2630 — Phpmyadmin vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 31

Latest updateApr 29

Description

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 2:2.6.0-pl2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 2:2.6.0-pl2-1+3

▶NVDphpmyadmin/phpmyadmin15 versions+14

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-gqxw-w7hq-j9fr: The MIME transformation system (transformations/text_plain__external↗2022-04-29

▶

OSV

CVE-2004-2630: The MIME transformation system (transformations/text_plain__external↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-2630: phpmyadmin - The MIME transformation system (transformations/text_plain__external.inc.php) in...↗2004

▶