CVE-2004-2632 — Phpmyadmin vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.0%

top 13.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 31

Latest updateApr 29

Description

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 1:2.5.7-pl1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 1:2.5.7-pl1-1+3

▶NVDphpmyadmin/phpmyadmin12 versions+11

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: www.osvdb.org ↗

🔴Vulnerability Details

GHSA

GHSA-g89x-ccw9-3vqf: phpMyAdmin 2↗2022-04-29

▶

OSV

CVE-2004-2632: phpMyAdmin 2↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-2632: phpmyadmin - phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration set...↗2004

▶