CVE-2012-5469
published 2012-12-20

Priority: P2 77 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 23.75% (97.5th percentile)

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.

Affected

26 ranges · showing 25
Vendor | Product | Version range | Fixed in
phpmyadmin | phpmyadmin

Detection & IOCs (extracted from sources)

url: http://host/wp-content/plugins/portable-phpmyadmin/wp-pma-mod
path: wp-content/plugins/portable-phpmyadmin/wp-pma-mod
  • Detect unauthenticated GET requests to the vulnerable plugin path wp-content/plugins/portable-phpmyadmin/wp-pma-mod — any direct request to this path without a valid WordPress session cookie indicates exploitation of CVE-2012-5469.
  • Alert on HTTP requests targeting the path /wp-content/plugins/portable-phpmyadmin/wp-pma-mod, especially from external/unauthenticated sources, as this directly exposes a full phpMyAdmin console.
  • The vulnerability affects Portable phpMyAdmin plugin version 1.3.0 and earlier; version 1.3.1 patches the issue. Ensure detection rules target only unpatched installations.
  • The exposed phpMyAdmin console operates with the MySQL privilege level of the WordPress database configuration, meaning exploitation impact depends on the DB user's permissions.
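
The path-based detection described above, as an added example that is not part of the original entry or of any vendor rule set. It assumes a web access log in combined format with the Cookie header appended as a final quoted field; the function names, the severity labels and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path taken from the advisory text; compared after normalisation.
VULN_PATH = "/wp-content/plugins/portable-phpmyadmin/wp-pma-mod"

# Assumed layout: combined log format plus a final quoted Cookie header
# (for example an nginx log_format ending in "$http_cookie").
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"'
)

def normalise(target):
    """Drop the query, decode %-escapes, collapse slashes, lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_hits(lines):
    """Return (ip, status, has_session, severity) per request to the path."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = normalise(m["target"])
        if path != VULN_PATH and not path.startswith(VULN_PATH + "/"):
            continue
        # A log shows only that a cookie was sent, not that it was valid.
        has_session = "wordpress_logged_in_" in m["cookie"]
        served = m["status"].startswith("2")
        severity = "high" if served and not has_session else "review"
        hits.append((m["ip"], int(m["status"]), has_session, severity))
    return hits

def sample_line(ip, target, status, cookie="-"):
    return (f'{ip} - - [20/Dec/2012:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'{status} 512 "-" "-" "{cookie}"')

SAMPLE = [  # constructed log lines using documentation-range addresses
    sample_line("203.0.113.7", VULN_PATH + "/", 200),
    sample_line("198.51.100.4", "/WP-content//plugins/%70ortable-phpmyadmin/wp-pma-mod/index.php?db=wp", 200),
    sample_line("192.0.2.10", VULN_PATH + "/index.php", 200, "wordpress_logged_in_0123abcd=constructed"),
    sample_line("203.0.113.9", VULN_PATH + "/", 404),
    sample_line("203.0.113.9", "/wp-login.php", 200),
]
if __name__ == "__main__":
    for hit in find_hits(SAMPLE):
        print(hit)
```

A 2xx response without a session cookie is rated "high" because the console was actually served; a 404 or a request carrying a session cookie is kept as "review" so that probing and administrator use stay visible without paging anyone.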

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 7.5 HIGH