ID CVE-2004-2218
Summary SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmywebhosting:phpmywebhosting:0.3.4
    cpe:2.3:a:phpmywebhosting:phpmywebhosting:0.3.4
CVSS
Base: 7.5 (as of 21-07-2005 - 08:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description phpMyWebhosting SQL Injection Exploit. CVE-2004-2218. Webapps exploit for php platform
id EDB-ID:406
last seen 2016-01-31
modified 2004-08-20
published 2004-08-20
reporter Noam Rathaus
source https://www.exploit-db.com/download/406/
title phpMyWebhosting SQL Injection Exploit
nessus via4
NASL family CGI abuses
NASL id PHPMYWEBHOSTING_SQL_INJECTION.NASL
description The remote host is running PHPMyWebHosting, a web hosting management interface written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a SQL injection attack. An attacker may execute arbitrary SQL statements against the remote database by sending a malformed username containing SQL escape characters when logging into the remote interface in 'login.php'.
last seen 2019-02-21
modified 2018-07-24
plugin id 16208
published 2005-01-19
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=16208
title phpMyWebHosting Authentication SQL Injection
refmap via4
bid 10942
bugtraq
  • 20040814 Posible security bug in phpMyWebhosting
  • 20040920 Re: Posible security bug in phpMyWebhosting
osvdb 8976
xf phpmywebhosting-pmwh-sql-injection(17005)
Last major update 05-09-2008 - 16:43
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top