phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Medium: Nessus Network Monitor Plugin ID 3319

Synopsis

The remote host is vulnerable to a flaw where attackers can overwrite critical variables.

Description

The remote host is running phpMyAdmin, a web interface for administering MySQL database servers. This version of phpMyAdmin is vulnerable to a flaw that allows remote attackers to overwrite global variables. To exploit the flaw, an attacker only needs to be able to send an HTTP query to the web server. Successful exploitation results in critical variables being overwritten, which can lead to a partial loss of data integrity.

Solution

Upgrade to version 2.7.0-pl1 or later.

See Also

http://www.hardened-php.net/advisory_252005.110.html

Plugin Details

Severity: Medium

ID: 3319

Family: CGI

Published: 12/7/2005

Updated: 3/6/2019

Nessus ID: 22124

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Reference Information

CVE: CVE-2005-4079

BID: 15761