FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- command execution vulnerability

Affected packages <= phpMyAdmin < 2.6.1.r1


VuXML ID 0ff0e9a6-4ee0-11d9-a9e7-0001020eed82
Discovery 2004-12-13
Entry 2004-12-15
Modified 2004-12-19

A phpMyAdmin security announcement reports:

Command execution: since phpMyAdmin 2.6.0-pl2, on a system where external MIME-based transformations are activated, an attacker can put into MySQL data an offensive value that starts a shell command when browsed.

Enabling PHP safe mode on the server can be used as a workaround for this vulnerability.


CVE Name CVE-2004-1147