CVE-2005-4349SQL Injection in Phpmyadmin

CWE-89SQL Injection6 documents4 sources
Severity
7.5HIGHNVD
NVD6.3OSV6.3
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 19
Latest updateMay 1

Description

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely relate

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:3.2.0-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:3.2.0-1+3
NVDphpmyadmin/phpmyadmin2.7.0, 2.7.0_pl1+1

🔴Vulnerability Details

3
GHSA
GHSA-mrq8-9564-r9gh: ** DISPUTED ** SQL injection vulnerability in server_privileges2022-05-01
GHSA
GHSA-282v-8gf3-6m78: Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 22022-05-01
OSV
CVE-2005-4349: SQL injection vulnerability in server_privileges2005-12-19

📋Vendor Advisories

1
Debian
CVE-2005-4349: phpmyadmin - SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows ...2005