CVE-2005-4349
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
** DISPUTADA ** Vulnerabilidad de inyección de SQL en server_privileges.php en phpMyAdmin 2.7.0 permite a atacantes remotos ejecutar órdenes SQL de su elección mediante los parámetros (1)dbname y (2) checkprivs.
NOTA: el fabricante y una tercera parte disputan esta cuestión, diciendo que la tarea principal del programa es soportar la ejecución de consultas por usuarios autenticados, y no existe ningún escenario de ataque externo sin una configuración con inicio automático de sesión. Por lo tanto, es probable que esta cuestión sea rechazada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2005-12-19 CVE Reserved
- 2005-12-19 CVE Published
- 2023-11-09 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=113486637512821&w=2 | Mailing List | |
| http://securityreason.com/securityalert/270 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/419829/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/419832/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/18113 | 2024-05-17 | |
| http://www.vupen.com/english/advisories/2005/2995 | 2024-05-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpmyadmin Search vendor "Phpmyadmin" | Phpmyadmin Search vendor "Phpmyadmin" for product "Phpmyadmin" | 2.7.0 Search vendor "Phpmyadmin" for product "Phpmyadmin" and version "2.7.0" | - |
Affected
| ||||||