Description

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

Remediation

References

CVE-2005-1392

Related Vulnerabilities

Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.51)

MySQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2016-6663)

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42128)

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.6.0)

WebLogic CVE-2023-22069 Vulnerability (CVE-2023-22069)

Severity

Medium

Classification

CVE-2005-1392

Tags

Missing Update Known Vulnerabilities