PT-2004-3113 · Phpmywebhosting · Phpmywebhosting

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2218

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPMyWebHosting versions 0.3.4 and earlier

Description The issue allows remote attackers to modify SQL statements via the password parameter in the pmwh.php file. This can be exploited by sending crafted input to the vulnerable endpoint.

Recommendations For PHPMyWebHosting versions 0.3.4 and earlier, update to a version later than 0.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the pmwh.php file to minimize the risk of exploitation. Avoid using the password parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2218

Affected Products

Phpmywebhosting

PT-2004-3113 · Phpmywebhosting · Phpmywebhosting

CVE-2004-2218

Related Identifiers

Affected Products

References · 7