Vulnerabilities > CVE-2006-1804 - SQL-Injection vulnerability in PHPmyadmin 2.7.0Pl1/2.8.0.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. This vulnerbability may affect earlier versions of phpMyAdmin as well.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
| NASL family | FreeBSD Local Security Checks |
| NASL id | FREEBSD_PKG_2ECD02E2E86411DAB9F400123FFE8333.NASL |
| description | phpMyAdmin security team reports : It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite dangerous. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21577 |
| published | 2006-05-22 |
| reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/21577 |
| title | FreeBSD : phpmyadmin -- CSRF vulnerabilities (2ecd02e2-e864-11da-b9f4-00123ffe8333) |
References
- http://secunia.com/advisories/19659
- http://secunia.com/advisories/19897
- http://www.novell.com/linux/security/advisories/2006_04_28.html
- http://www.securityfocus.com/archive/1/431013/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1372
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25858