Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins
phpMyAdmin_remote_cmd.nasl (script id 15748)

Index | Next | Previous | View Flat

simon at westpoint

Dec 4, 2008, 6:51 AM

Views: 3334
phpMyAdmin_remote_cmd.nasl (script id 15748)

According to the CVE-2004-2630[1] and the advisory from the phpMyAdmin
team[2] only phpMyAdmin versions 2.5.0 to 2.6.0-pl1 have the command
execution vulnerability described by phpMyAdmin_remote_cmd.nasl (script
id 15748). Bugtraq says different[3].

If that's the case, the version pattern can be changed from:




(patch attached)

[1]: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2630
[2]: http://www.phpmyadmin.net/home_page/security/PMASA-2004-2.php
[3]: http://www.securityfocus.com/bid/11391/

Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
Attachments: phpMyAdmin_remote_cmd-2.5.patch (0.39 KB)

Subject User Time
phpMyAdmin_remote_cmd.nasl (script id 15748) simon at westpoint Dec 4, 2008, 6:51 AM
    Re: phpMyAdmin_remote_cmd.nasl (script id 15748) theall at tenablesecurity Dec 8, 2008, 12:47 PM

  Index | Next | Previous | View Flat

Interested in having your list archived? Contact Gossamer Threads
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.