phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Medium Nessus Network Monitor Plugin ID 3319

Synopsis

The remote host is vulnerable to a flaw where attackers can overwrite critical variables.

Description

The remote host is running phpMyAdmin, a web interface for administering MySQL database servers. This version of phpMyAdmin is vulnerable to a flaw that allows remote attackers to overwrite global variables. Exploitation requires only the ability to send an HTTP request to the web server. Successful exploitation results in critical variables being overwritten, which can lead to a partial loss of data integrity.

Solution

Upgrade to version 2.7.0-pl1 or later.

See Also

http://www.hardened-php.net/advisory_252005.110.html

Plugin Details

Severity: Medium

ID: 3319

File Name: 3319.prm

Family: CGI

Published: 2005/12/07

Modified: 2016/03/02

Dependencies: 9102

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Reference Information

CVE: CVE-2005-4079

BID: 15761

OSVDB: 21508