CVE-2006-6943
Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 19/01/2007
Last modified: 18/11/2016
Description
PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.
Impact
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* | 2.9.1 (including) | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.1:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.2:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0.3:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_beta1:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.0_rc1:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc1:*:*:*:*:*:*:* | | |
cpe:2.3:a:phpmyadmin:phpmyadmin:2.9.1_rc2:*:*:*:*:*:*:* | | |