The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

From the phpMyAdmin 2.6.0p2 release notes :

If PHP is not running in safe mode, a problem in the MIME-based transformation system (with an 'external' transformation) allows to execute any command with the privileges of the web server's user.

The remote host is running phpMyAdmin, an open-source software written in PHP to handle the administration of MySQL over the Web.
The remote version of this software is vulnerable to arbitrary command execution due to a lack of user-supplied data sanitization.
 

The remote host is affected by the vulnerability described in GLSA-200410-14 (phpMyAdmin: Vulnerability in MIME-based transformation system)

    A defect was found in phpMyAdmin's MIME-based transformation system,     when used with 'external' transformations.
  Impact :

    A remote attacker could exploit this vulnerability to execute arbitrary     commands on the server with the rights of the HTTP server user.
  Workaround :

    Enabling PHP safe mode ('safe_mode = On' in php.ini) may serve as a     temporary workaround.

According to its banner, the remote version of phpMyAdmin is between 2.5.0 and 2.6.0-pl1.  Such versions may allow an authenticated, remote attacker to run arbitrary commands subject to the privileges of the web server due to the way external MIME-based transformations are handled. 

Note that successful exploitation requires that PHP's 'safe_mode' be disabled and that the administrator not only prepare a special table for keeping some information but also specify it in a configuration.

ID	Name	Product	Family	Severity
36697	FreeBSD : phpmyadmin -- remote command execution vulnerability (fc07c9ca-22ce-11d9-814e-0001020eed82)	Nessus	FreeBSD Local Security Checks	high
2421	phpMyAdmin < 2.6.0-p12 Multiple RCE	Nessus Network Monitor	CGI	high
15511	GLSA-200410-14 : phpMyAdmin: Vulnerability in MIME-based transformation system	Nessus	Gentoo Local Security Checks	high
15478	phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2004-2630

critical

Tenable Plugins

high

high

high

medium