fkie_cve-2012-5469
Vulnerability from fkie_nvd
Published
2012-12-20 12:02
Modified
2025-04-11 00:51
Severity ?
Summary
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpmyadmin | phpmyadmin | 1.0.0 | |
| phpmyadmin | phpmyadmin | 1.0.1 | |
| phpmyadmin | phpmyadmin | 1.0.2 | |
| phpmyadmin | phpmyadmin | 1.0.3 | |
| phpmyadmin | phpmyadmin | 1.0.4 | |
| phpmyadmin | phpmyadmin | 1.0.5 | |
| phpmyadmin | phpmyadmin | 1.0.6 | |
| phpmyadmin | phpmyadmin | 1.0.6 | |
| phpmyadmin | phpmyadmin | 1.0.7 | |
| phpmyadmin | phpmyadmin | 1.0.8 | |
| phpmyadmin | phpmyadmin | 1.1 | |
| phpmyadmin | phpmyadmin | 1.2 | |
| phpmyadmin | phpmyadmin | 1.2.1 | |
| phpmyadmin | phpmyadmin | 1.2.2 | |
| phpmyadmin | phpmyadmin | 1.2.3 | |
| phpmyadmin | phpmyadmin | 1.2.4 | |
| phpmyadmin | phpmyadmin | 1.2.5 | |
| phpmyadmin | phpmyadmin | 1.2.6 | |
| phpmyadmin | phpmyadmin | 1.2.7 | |
| phpmyadmin | phpmyadmin | 1.2.8 | |
| phpmyadmin | phpmyadmin | 1.2.9 | |
| phpmyadmin | phpmyadmin | 1.2.9.1 | |
| phpmyadmin | phpmyadmin | 1.2.9.2 | |
| phpmyadmin | phpmyadmin | 1.2.9.3 | |
| phpmyadmin | phpmyadmin | 1.2.9.4 | |
| phpmyadmin | phpmyadmin | 1.2.9.4 | |
| phpmyadmin | phpmyadmin | 1.2.9.5 | |
| phpmyadmin | phpmyadmin | 1.3 | |
| phpmyadmin | phpmyadmin | 1.3 | |
| wordpress | wordpress | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36DE9269-E61E-4F24-AC1A-978503933E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1A8297-4418-4DBF-8C53-B5667103DC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0D75EB-BEA7-4B0A-8CDD-9207350D0D91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CCD716-02E7-4017-98C0-0441D459CAFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7B2C59-9084-4456-A2BD-8827562F93EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1911AB52-EEA2-45A6-BF52-304B4FF763B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "86F0CCD7-22AB-474F-BFFC-B4AEAD5C02DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.6:a:*:*:*:*:*:*",
"matchCriteriaId": "2412915B-6D01-40D9-AA9B-E09FC1B86E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2D194DB9-CEA9-4571-A5BD-6900C97AA0B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3038292-307C-4FCC-87F7-19FDB183D51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2FF9BE0-FEA4-47DA-8558-8959B5612EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9169B9B4-5E04-45B1-A600-B97B5224D24B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5E40DD-F6A3-4D97-8770-4F3776F5CBE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F6673A9-D214-474B-BC3E-C13ACB3B5204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "15E8363E-3B8A-4248-AFEA-39DE1098712E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "91256645-2A40-4242-B938-234D72C05E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA4F6BA-5678-4D7C-A98F-141079C18523",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D06E973A-1C66-43FF-BC61-2FC7DDAFFF57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "169037D5-AEA0-4950-B0BF-EBC9A08AA2DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C7CE08-AED8-4D8C-A73F-A69404BAE8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9A675524-9339-4E5C-9763-2E7EEA6FBCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42ACF3CF-2BFB-4BA4-9DC1-2B56B847AAF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F81BFCAE-708F-4C0D-8899-DB3E6F08820B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7C7E0F-9BF4-4719-97C3-4F395EDCAC60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.4:b:*:*:*:*:*:*",
"matchCriteriaId": "AA9D7C76-A7B7-4852-BC34-48C010CA2652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.4:c:*:*:*:*:*:*",
"matchCriteriaId": "CF931388-E9C8-47D7-8A8F-8036B082164E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "460F6547-8606-41BA-BCCD-EB38739EB22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF4BE01-9BD6-492C-85E7-BD3CF08F5EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:1.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E9C4C7B1-DD4C-4D58-B36E-786797017625",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod."
},
{
"lang": "es",
"value": "El complemento phpMyAdmin Portable antes de v1.3.1 para WordPress permite a atacantes remotos evitar la autenticaci\u00f3n y obtener acceso a la consola de phpMyAdmin a trav\u00e9s de una solicitud directa al wp-content/plugins/portable-phpmyadmin/wp-pma-mod."
}
],
"id": "CVE-2012-5469",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-20T12:02:18.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…