CVE-2005-0567
phpMyAdmin 2.6.1 - Remote File Inclusion via Theme or Extension Parameter
Title source: llmDescription
Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.
References (6)
Core 6
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14382/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19465
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12645
Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1
Patch x_refsource_confirm
http://sourceforge.net/tracker/index.php?func=detail&aid=1149381&group_id=23067&atid=377408
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110929725801154&w=2
Scores
EPSS
0.0122
EPSS Percentile
79.3%
Details
Status
published
Products (1)
phpmyadmin/phpmyadmin
2.6.1
Published
May 02, 2005
Tracked Since
Feb 18, 2026