FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- command execution vulnerability

Affected packages
2.6.0.2 <= phpMyAdmin < 2.6.1.r1

Details

VuXML ID: 0ff0e9a6-4ee0-11d9-a9e7-0001020eed82
Discovery: 2004-12-13
Entry: 2004-12-15
Modified: 2004-12-19

A phpMyAdmin security announcement reports:

Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed.

Enabling PHP safe mode on the server can be used as a workaround for this vulnerability.

References

CVE Name: CVE-2004-1147
URL: http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
URL: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4