QwikSec

Security Database

CVE

CWE

Training

CVE-2005-4349

Published: Dec 19, 2005

Modified: Jan 16, 2025

PUBLISHED

Description

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_VUPEN

20051217 phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

mailing-list

x_refsource_BUGTRAQ

20051219 Re: phpMyAdmin server_privileges.php SQL Injection Vulnerabilities.

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

20051219 about phpMyAdmin's server_privileges.php announced vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.