Detections
Analytics
Portable phpMyAdmin Plugin for WordPress 'wp-pma-mod' Authentication Bypass
high Nessus Plugin ID 64245
Language:
Synopsis
The remote web server contains a PHP script that is affected by an authentication bypass vulnerability.Description
The Portable phpMyAdmin Plugin for WordPress installed on the remote host is affected by an authentication bypass vulnerability because the /wp-pma-mod/ path fails to properly authorize users. his may allow an attacker to bypass access restrictions and gain access to the administrative console to perform unauthorized actions.Solution
Upgrade to version 1.3.1 or later.See Also
https://seclists.org/bugtraq/2012/Dec/91
https://wordpress.org/plugins/portable-phpmyadmin/#changelog
Plugin Details
Severity: High
ID: 64245
File Name: wordpress_portable_phpmyadmin_auth_bypass.nasl
Version: 1.9
Type: remote
Family: CGI abuses
Published: 1/25/2013
Updated: 6/5/2024
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 6.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress
Required KB Items: installed_sw/WordPress, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Exploited by Nessus: true
Patch Publication Date: 11/27/2012
Vulnerability Publication Date: 12/12/2012
Reference Information
CVE: CVE-2012-5469
BID: 56920