VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2632

Description

phpMyAdmin 2.5.1–2.5.7 allows remote attackers to modify server configuration and execute arbitrary PHP code via crafted GET parameters and table names.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In phpMyAdmin versions 2.5.1 through 2.5.7, a remote attacker can modify configuration settings by appending new $cfg['Servers'] entries via GET parameters. Additionally, when $cfg['LeftFrameLight'] is set to FALSE, an attacker can supply a specially formatted table name that phpMyAdmin passes to an eval() call, leading to arbitrary PHP code execution. This second vector requires the attacker to control a modified MySQL server that returns crafted table names [1][2].

Exploitation

For the configuration modification vector, an authenticated attacker simply appends ?cfg[Servers][...]=... to the URL. For the code execution vector, the target installation must have $cfg['LeftFrameLight'] set to FALSE, and the attacker must be able to make phpMyAdmin contact a malicious MySQL server that returns a crafted table name. The attacker needs no privileges beyond a valid phpMyAdmin account. The sequence involves setting up a rogue MySQL server that, when queried by phpMyAdmin, returns a table name containing PHP code, which phpMyAdmin then evaluates with eval(). Both vectors can be combined to achieve remote code execution [1][2].

Impact

An attacker who successfully exploits either vector can read, modify, or delete configuration settings, potentially gaining unauthorized access to MySQL servers. In the worst case, using the table-name eval vector, the attacker can execute arbitrary PHP code on the web server with the permissions of the web server process. This can lead to full compromise of the web application and its underlying database, as well as potential denial of service or further lateral movement within the network [1][2].

Mitigation

phpMyAdmin 2.5.7-pl1 (released shortly after disclosure) fixes both vulnerabilities. Users should upgrade to this version or later. As a workaround, set $cfg['LeftFrameLight'] to TRUE in the configuration file, which disables the vulnerable eval() code path. The default Gentoo installation has this set to TRUE, limiting exposure to the second vector. No workaround exists for the configuration modification vector aside from upgrading [1][2].
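Two defender-side checks that follow from the mitigation and the first vector, added here as an example and not code from the advisory or from phpMyAdmin itself: a reader for the $cfg['LeftFrameLight'] setting in config.inc.php, and a scan of Apache-style access log lines for GET requests that carry cfg[...] parameters. The log lines are constructed samples, and the config parser assumes the plain `$cfg['LeftFrameLight'] = TRUE;` assignment form.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Apache combined format, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/2004:12:00:01 +0000] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 200 512 "-" "Mozilla"
192.0.2.11 - - [10/Jun/2004:12:00:02 +0000] "GET /phpmyadmin/left.php?cfg%5BServers%5D%5B1%5D%5Bhost%5D=203.0.113.5 HTTP/1.1" 200 780 "-" "curl"
192.0.2.12 - - [10/Jun/2004:12:00:03 +0000] "GET /phpmyadmin/main.php?cfg[Servers][1][user]=root&lang=en HTTP/1.1" 200 900 "-" "curl"
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/')
# Any top-level query parameter named cfg[...] is an attempt to override $cfg.
CFG_KEY_RE = re.compile(r'^cfg\[', re.IGNORECASE)


def suspicious_requests(log_text):
    """Return (client_ip, decoded_parameter_name) for each request carrying a cfg[...] parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group('target')).query
        # parse_qsl percent-decodes keys, so cfg%5B... and cfg[... are treated alike.
        for key, _value in parse_qsl(query, keep_blank_values=True):
            if CFG_KEY_RE.match(key):
                hits.append((line.split()[0], key))
                break
    return hits


# Assumed assignment form: $cfg['LeftFrameLight'] = TRUE;  (single or double quotes, any case)
LEFT_FRAME_RE = re.compile(
    r"""\$cfg\s*\[\s*['"]LeftFrameLight['"]\s*\]\s*=\s*(TRUE|FALSE)\s*;""", re.IGNORECASE)


def left_frame_light_setting(config_text):
    """Return True/False for the last $cfg['LeftFrameLight'] assignment, or None if it is never set."""
    value = None
    for m in LEFT_FRAME_RE.finditer(config_text):   # last assignment wins, as in PHP
        value = m.group(1).upper() == 'TRUE'
    return value


if __name__ == '__main__':
    for ip, key in suspicious_requests(SAMPLE_LOG):
        print(f'{ip} attempted a $cfg override via GET parameter {key}')
    sample_config = "$cfg['LeftFrameLight'] = FALSE;   // constructed sample config line\n"
    if left_frame_light_setting(sample_config) is False:
        print('LeftFrameLight is FALSE: eval() path reachable; set it to TRUE or upgrade to 2.5.7-pl1')
```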

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2_pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7:*:*:*:*:*:*:*
  • (no CPE) version range: >=2.5.1 <=2.5.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.