Description

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

Remediation

References

CVE-2005-1392

Related Vulnerabilities

Oracle JRE CVE-2012-5083 Vulnerability (CVE-2012-5083)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2006-3469)

Oracle HTTP Server Use of Insufficiently Random Values Vulnerability (CVE-2020-35163)

WordPress Plugin BA Book Everything Cross-Site Scripting (1.3.24)

SharePoint Improper Certificate Validation Vulnerability (CVE-2019-1006)

Severity

Medium

Classification

CVE-2005-1392

Tags

Missing Update Known Vulnerabilities