CVE-2004-2631

phpMyAdmin <2.5.8 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2631. PoCs published by Nasir Simbolon.

AI-analyzed exploit summary This exploit acts as a proxy between a client and a MySQL server, intercepting and manipulating the response to a 'SHOW TABLES' query to inject arbitrary PHP code into phpMyAdmin. The injected code executes a command to create a file, demonstrating remote code execution (RCE).

Description

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nasir Simbolon · cwebappsphp

https://www.exploit-db.com/exploits/309

View Code ZIP pw:eip

This exploit acts as a proxy between a client and a MySQL server, intercepting and manipulating the response to a 'SHOW TABLES' query to inject arbitrary PHP code into phpMyAdmin. The injected code executes a command to create a file, demonstrating remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpMyAdmin 2.5.7

Auth required

Prerequisites: Access to a vulnerable phpMyAdmin instance · Ability to configure a malicious server to intercept MySQL traffic · Valid credentials for the target phpMyAdmin instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →