CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
89.3%
A phpMyAdmin security announcement reports:
We received two bug reports by Maksymilian Arciemowicz
about those vulnerabilities and we wish to thank him for
his work. The vulnerabilities apply to those points:
css/phpmyadmin.css.php was vulnerable against
$cfg and GLOBALS variable
injections. This way, a possible attacker could
manipulate any configuration parameter. Using
phpMyAdmin’s theming mechanism, he was able to include
arbitrary files. This is especially dangerous if php is
not running in safe mode.
A possible attacker could manipulate phpMyAdmin’s
localized strings via the URL and inject harmful
JavaScript code this way, which could be used for XSS
attacks.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | < 2.6.1.2 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | < 2.6.1.2 | UNKNOWN |