CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
EPSS
Percentile
50.9%
The phpMyAdmin development team reports:
The import.php script was vulnerable to GLOBALS variable
injection. Therefore, an attacker could manipulate any
configuration parameter.
This vulnerability can be triggered only by someone who
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
form.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | =Β 4.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | <Β 4.0.4.1 | UNKNOWN |