ID CVE-2006-5117
Summary phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.2
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.0.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.1_dev
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.3
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.8.4
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_dev
CVSS
Base: 5.0 (as of 03-10-2006 - 13:55)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_19B17AB451E011DBA5AE00508D6A62DF.NASL
    description phpMyAdmin team reports : We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 22487
    published 2006-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22487
    title FreeBSD : phpmyadmin -- CSRF vulnerabilities (19b17ab4-51e0-11db-a5ae-00508d6a62df)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PHPMYADMIN-2300.NASL
    description This patch upgrades the phpMyAdmin package to version 2.9.1.1, including fixes for the security problems tracked by the Mitre CVE IDs CVE-2006-3388, CVE-2006-5116, CVE-2006-5117, and CVE-2006-5718.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27395
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27395
    title openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-2300)
refmap via4
bid 20253
confirm http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download
secunia
  • 22126
  • 23086
suse SUSE-SA:2006:071
Last major update 05-09-2008 - 17:11
Published 03-10-2006 - 00:03