Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fa4e-8zf1-b3e3
Vulnerability ID VCID-fa4e-8zf1-b3e3
Aliases CVE-2005-4349
Summary SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
Status Published
Exploitability 0.5
Weighted Severity 5.7
Risk 2.9
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 6.3 http://marc.info/?l=bugtraq&m=113486637512821&w=2
ssvc Track http://marc.info/?l=bugtraq&m=113486637512821&w=2
epss 0.01659 https://api.first.org/data/v1/epss?cve=CVE-2005-4349
epss 0.01659 https://api.first.org/data/v1/epss?cve=CVE-2005-4349
epss 0.01659 https://api.first.org/data/v1/epss?cve=CVE-2005-4349
cvssv3.1 6.3 http://secunia.com/advisories/18113
ssvc Track http://secunia.com/advisories/18113
cvssv3.1 6.3 http://securityreason.com/securityalert/270
ssvc Track http://securityreason.com/securityalert/270
cvssv3.1 6.3 http://www.securityfocus.com/archive/1/419829/100/0/threaded
ssvc Track http://www.securityfocus.com/archive/1/419829/100/0/threaded
cvssv3.1 6.3 http://www.securityfocus.com/archive/1/419832/100/0/threaded
ssvc Track http://www.securityfocus.com/archive/1/419832/100/0/threaded
cvssv3.1 6.3 http://www.vupen.com/english/advisories/2005/2995
ssvc Track http://www.vupen.com/english/advisories/2005/2995
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2005-4349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4349
18113 http://secunia.com/advisories/18113
270 http://securityreason.com/securityalert/270
2995 http://www.vupen.com/english/advisories/2005/2995
?l=bugtraq&m=113486637512821&w=2 http://marc.info/?l=bugtraq&m=113486637512821&w=2
threaded http://www.securityfocus.com/archive/1/419829/100/0/threaded
threaded http://www.securityfocus.com/archive/1/419832/100/0/threaded
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://marc.info/?l=bugtraq&m=113486637512821&w=2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://marc.info/?l=bugtraq&m=113486637512821&w=2
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://secunia.com/advisories/18113
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://secunia.com/advisories/18113
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://securityreason.com/securityalert/270
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://securityreason.com/securityalert/270
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.securityfocus.com/archive/1/419829/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://www.securityfocus.com/archive/1/419829/100/0/threaded
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.securityfocus.com/archive/1/419832/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://www.securityfocus.com/archive/1/419832/100/0/threaded
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at http://www.vupen.com/english/advisories/2005/2995
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-15T19:20:51Z/ Found at http://www.vupen.com/english/advisories/2005/2995
Exploit Prediction Scoring System (EPSS)
Percentile 0.82395
EPSS Score 0.01659
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:07:07.574436+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0