phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution

medium Nessus Plugin ID 15478

Synopsis

The remote web server contains a PHP application that may allow arbitrary command execution.

Description

According to its banner, the remote version of phpMyAdmin is between 2.5.0 and 2.6.0-pl1. Such versions may allow an authenticated, remote attacker to run arbitrary commands subject to the privileges of the web server due to the way external MIME-based transformations are handled.

Note that successful exploitation requires that PHP's 'safe_mode' be disabled and that the administrator not only prepare a special table for keeping some information but also specify it in a configuration.

Solution

Upgrade to phpMyAdmin version 2.6.0-pl2 or later.

See Also

https://www.phpmyadmin.net/security/PMASA-2004-2/

http://sourceforge.net/forum/forum.php?forum_id=414281

Plugin Details

Severity: Medium

ID: 15478

File Name: phpMyAdmin_remote_cmd.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 10/17/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Required KB Items: www/phpMyAdmin, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 10/13/2004

Reference Information

CVE: CVE-2004-2630

BID: 11391