CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
88.1%
A phpMyAdmin security announcement reports:
Command execution: since phpMyAdmin 2.6.0-pl2, on a
system where external MIME-based transformations are
activated, an attacker can put into MySQL data an
offensive value that starts a shell command when
browsed.
Enabling PHP safe mode on the server can be used as
a workaround for this vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | = 2.6.0.2 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | < 2.6.1.r1 | UNKNOWN |