CVE-2005-4349

Name of the Vulnerable Software and Affected Versions phpMyAdmin version 2.7.0

Description A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the dbname and checkprivs parameters in the server privileges.php file. However, the vendor and a third party have disputed this issue, stating that the program's main task is to support query execution by authenticated users and no external attack scenario exists without an auto-login configuration.

Recommendations For phpMyAdmin version 2.7.0, consider restricting access to the server privileges.php file and limiting the use of the dbname and checkprivs parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.