CVE-2006-6944

Severity

75%

Complexity

99%

Confidentiality

106%

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2007-01-19 02:28:00

Last updated 13 years ago

2011-03-08 02:47:00

Affected Software

phpMYAdmin 2.9.0

2.9.0

phpMyAdmin 2.9.0.1

2.9.0.1

phpMyAdmin 2.9.0.2

2.9.0.2

phpMyAdmin 2.9.0.3

2.9.0.3

References

26733

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9

Patch, Vendor Advisory

DSA-1370

ADV-2006-4572

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.