CGI abuses : phpMyAdmin Multiple Input Validation Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51982

Categoría: CGI abuses

Título: phpMyAdmin Multiple Input Validation Vulnerabilities

Resumen: NOSUMMARY

Descripción: Description:

The remote version of phpMyAdmin, according to its version
number, is vulnerable to multiple vulnerabilities that include
the ability for an attacker to add an arbitrary SQL server,
and the ability to execute arbitrary PHP code through a
maliciously constructed database table name.

Versions prior to 2.5.7-pl1 are vulnerable.

Solution: Upgrade to 2.5.7-pl1 or later.

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 10629
Common Vulnerability Exposure (CVE) ID: CVE-2004-2632
http://www.securityfocus.com/bid/10629
Bugtraq: 20040628 php codes injection in phpMyAdmin version 2.5.7. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html
Bugtraq: 20040630 Re: php codes injection in phpMyAdmin version 2.5.7. (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html
http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml
http://eagle.kecapi.com/sec/fd/phpMyAdmin.html
http://www.osvdb.org/7315
http://securitytracker.com/alerts/2004/Jun/1010614.html
http://secunia.com/advisories/11974
XForce ISS Database: phpmyadmin-code-manipulation(16555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16555
Common Vulnerability Exposure (CVE) ID: CVE-2004-2631
Bugtraq: 20041018 phpMyAdmin: Vulnerability in MIME-based transformation (Google Search)
http://marc.info/?l=bugtraq&m=109816584519779&w=2
http://www.securiteam.com/unixfocus/5QP040ADFW.html
http://www.osvdb.org/7314
http://securitytracker.com/id?1010614
XForce ISS Database: phpmyadmin-php-injection(16542)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16542

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51982
Categoría:	CGI abuses
Título:	phpMyAdmin Multiple Input Validation Vulnerabilities
Resumen:	NOSUMMARY
Descripción:	Description: The remote version of phpMyAdmin, according to its version number, is vulnerable to multiple vulnerabilities that include the ability for an attacker to add an arbitrary SQL server, and the ability to execute arbitrary PHP code through a maliciously constructed database table name. Versions prior to 2.5.7-pl1 are vulnerable. Solution: Upgrade to 2.5.7-pl1 or later. Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 10629 Common Vulnerability Exposure (CVE) ID: CVE-2004-2632 http://www.securityfocus.com/bid/10629 Bugtraq: 20040628 php codes injection in phpMyAdmin version 2.5.7. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html Bugtraq: 20040630 Re: php codes injection in phpMyAdmin version 2.5.7. (Google Search) http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml http://eagle.kecapi.com/sec/fd/phpMyAdmin.html http://www.osvdb.org/7315 http://securitytracker.com/alerts/2004/Jun/1010614.html http://secunia.com/advisories/11974 XForce ISS Database: phpmyadmin-code-manipulation(16555) https://exchange.xforce.ibmcloud.com/vulnerabilities/16555 Common Vulnerability Exposure (CVE) ID: CVE-2004-2631 Bugtraq: 20041018 phpMyAdmin: Vulnerability in MIME-based transformation (Google Search) http://marc.info/?l=bugtraq&m=109816584519779&w=2 http://www.securiteam.com/unixfocus/5QP040ADFW.html http://www.osvdb.org/7314 http://securitytracker.com/id?1010614 XForce ISS Database: phpmyadmin-php-injection(16542) https://exchange.xforce.ibmcloud.com/vulnerabilities/16542
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com