Gain a shell remotely : phpMyAdmin sql.php command execution

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.51978

Category: Gain a shell remotely

Title: phpMyAdmin sql.php command execution

Summary: NOSUMMARY

Description: Description:

The remote version of phpMyAdmin, according to its version
number, is vulnerable to a file disclosure and command
execution vulnerability via the 'sql.php' script.

Versions prior to 2.2.1 are vulnerable.

Solution: Upgrade to 2.2.1 or later.

Risk factor : High

CVSS Score:
7.5

Cross-Ref: BugTraq ID: 2642
Common Vulnerability Exposure (CVE) ID: CVE-2001-0478
http://www.securityfocus.com/bid/2642
Bugtraq: 20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.51978
Category:	Gain a shell remotely
Title:	phpMyAdmin sql.php command execution
Summary:	NOSUMMARY
Description:	Description: The remote version of phpMyAdmin, according to its version number, is vulnerable to a file disclosure and command execution vulnerability via the 'sql.php' script. Versions prior to 2.2.1 are vulnerable. Solution: Upgrade to 2.2.1 or later. Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 2642 Common Vulnerability Exposure (CVE) ID: CVE-2001-0478 http://www.securityfocus.com/bid/2642 Bugtraq: 20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1 (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com