SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2011-2505

Date: (C)2011-07-14 (M)2023-12-22

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Reference:

EXPLOIT-DB-17514

http://www.securityfocus.com/archive/1/518804/100/0/threaded

FEDORA-2011-9144

http://www.openwall.com/lists/oss-security/2011/06/28/2

http://www.openwall.com/lists/oss-security/2011/06/28/6

http://www.openwall.com/lists/oss-security/2011/06/28/8

http://www.openwall.com/lists/oss-security/2011/06/29/11

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

cpe:/a:phpmyadmin:phpmyadmin:3.0.0:rc1
cpe:/a:phpmyadmin:phpmyadmin:3.1.2
cpe:/a:phpmyadmin:phpmyadmin:3.1.3
cpe:/a:phpmyadmin:phpmyadmin:3.1.4
...

oval:org.secpod.oval:def:600595

© SecPod Technologies