phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Medium Nessus Network Monitor Plugin ID 3319


The remote host is vulnerable to a flaw where attackers can overwrite critical variables.


The remote host is running phpMyAdmin, a web interface for administering MySQL database servers. This version of phpMyAdmin is vulnerable to a flaw that allows remote attackers to overwrite global variables. An attacker exploiting this flaw would only need to be able to send an HTTP query to the web server. Successful exploitation would result in critical variables being overwritten. This can lead to a partial loss of data integrity.


Upgrade to version 2.7.0-pl1 or later.

See Also

Plugin Details

Severity: Medium

ID: 3319

File Name: 3319.prm

Family: CGI

Published: 2005/12/07

Modified: 2016/03/02

Dependencies: 9102

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Reference Information

CVE: CVE-2005-4079

BID: 15761

OSVDB: 21508