CVE-2005-4349
| Summary |
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
|
| Publication Date |
Dec. 19, 2005, 8:03 p.m. |
| Registration Date |
Jan. 29, 2021, 5:59 p.m. |
| Last Update |
Aug. 8, 2024, 9:15 a.m. |
|
CVSS2.0 : MEDIUM
|
| Score |
6.5
|
| Vector |
AV:N/AC:L/Au:S/C:P/I:P/A:P |
| 攻撃元区分(AV) |
ネットワーク |
| 攻撃条件の複雑さ(AC) |
低 |
| 攻撃前の認証要否(Au) |
単一 |
| 機密性への影響(C) |
低 |
| 完全性への影響(I) |
低 |
| 可用性への影響(A) |
低 |
| Get all privileges. |
いいえ
|
| Get user privileges |
いいえ
|
| Get other privileges |
はい
|
| User operation required |
いいえ
|
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.7.0:*:*:*:*:*:*:* |
|
|
|
|
Related information, measures and tools
Common Vulnerabilities List