Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2631Eval Injection in Phpmyadmin

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
14.2%
top 5.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 31
Latest updateApr 29

Description

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 1:2.5.7-pl1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 1:2.5.7-pl1-1+3
NVDphpmyadmin/phpmyadmin12 versions+11

Patches

Patch: secunia.comPatch: www.osvdb.orgPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-qqgf-6922-rxxc: Eval injection vulnerability in left2022-04-29
OSV
CVE-2004-2631: Eval injection vulnerability in left2004-12-31

💥Exploits & PoCs

1
Exploit-DB
phpMyAdmin 2.5.7 - Remote code Injection2004-07-04

📋Vendor Advisories

1
Debian
CVE-2004-2631: phpmyadmin - Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when L...2004