CVE-2005-0567 — Phpmyadmin vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 20.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMay 2

Latest updateMay 1

Description

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 3:2.6.1-pl2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 3:2.6.1-pl2-1+3

▶NVDphpmyadmin/phpmyadmin2.6.1

Patches

Patch: secunia.com ↗Patch: sourceforge.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-97pg-mf6p-74fr: Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2↗2022-05-01

▶

OSV

CVE-2005-0567: Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2↗2005-05-02

▶

📋Vendor Advisories

Debian

CVE-2005-0567: phpmyadmin - Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow rem...↗2005

▶