CVE-2005-0653 — Phpmyadmin vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.2%

top 63.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMay 2

Latest updateMay 1

Description

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 3:2.6.1-pl3-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 3:2.6.1-pl3-1+3

▶NVDphpmyadmin/phpmyadmin2.6.1

Patches

Patch: bugs.gentoo.org ↗Patch: www.gentoo.org ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-pg96-vwx3-63fm: phpMyAdmin 2↗2022-05-01

▶

OSV

CVE-2005-0653: phpMyAdmin 2↗2005-05-02

▶

📋Vendor Advisories

Debian

CVE-2005-0653: phpmyadmin - phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscor...↗2005

▶