Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2020-5505 | CWE-79 | $5,000 | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Benny Husted | High | Remote | 2005-11-22 |
======================================================================== ======= _________________________________________ Security Advisory _________________________________________ http://www.fitsec.com/advisories/FS-05-02.txt _________________________________________ Severity: Low/Medium Title: Multiple vulnerabilities in phpMyAdmin Date: 12.11.2005 ID: FS-05-02 Author: Toni Koivunen (toni.koivunen (at) fitsec.com) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Background: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields. Affected versions: Atleast 2.7.0-beta1, most likely others versions also. Description: Vuln 1: Full Path Disclosures in the following files: libraries/string.lib.php libraries/storage_engines.lib.php libraries/sqlparser.lib.php libraries/sql_query_form.lib.php libraries/select_theme.lib.php libraries/select_lang.lib.php libraries/relation_cleanup.lib.php libraries/left_header.inc.php libraries/import.lib.php libraries/header_meta_style.inc.php libraries/grab_globals.lib.php libraries/get_foreign.lib.php (get_foreign.lib.php?field=foo&foreigners[foo]=foo) libraries/display_tbl_links.lib.php (display_tbl_links.lib.php?doWriteModifyAt=left&edit_url=foo) libraries/display_import.lib.php libraries/display_export.lib.php libraries/display_create_table.lib.php libraries/display_create_database.lib.php libraries/db_table_exists.lib.php libraries/database_interface.lib.php libraries/common.lib.php libraries/check_user_privileges.lib.php libraries/charset_conversion.lib.php (charset_conversion.lib.php?cfg[AllowAnywhereRecoding]=true&allow_recodi ng=true) libraries/sqlvalidator.lib.php (libraries/sqlvalidator.lib.php?cfg[SQLValidator]=use=TRUE) libraries/import/sql.php libraries/fpdf/ufpdf.php libraries/auth/cookie.auth.lib.php (libraries/auth/cookie.auth.lib.php?coming_from_common=true) Vuln 2: Http Response Splitting in libraries/header_http.inc.php The script doesn't check for direct access. If register_globals is on, it is possible for a remote attacker to cause http response splitting. Impact: A remote attacker could exploit this to learn installation paths on server. The HTTP Response splitting vulnerability can lead to user compromise amongst other things. Status: 12.11.2005 Vulnerabilities found Acknowledgements: To the community at dievo.org, keep it up :)
Copyright ©2024 Exploitalert.