SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2011-2506

Date: (C)2011-07-14 (M)2023-12-22

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

EXPLOIT-DB-17514

http://www.securityfocus.com/archive/1/518804/100/0/threaded

FEDORA-2011-9144

http://www.openwall.com/lists/oss-security/2011/06/28/2

http://www.openwall.com/lists/oss-security/2011/06/28/6

http://www.openwall.com/lists/oss-security/2011/06/28/8

http://www.openwall.com/lists/oss-security/2011/06/29/11

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

cpe:/a:phpmyadmin:phpmyadmin:3.0.0:rc1
cpe:/a:phpmyadmin:phpmyadmin:3.1.2
cpe:/a:phpmyadmin:phpmyadmin:3.1.3
cpe:/a:phpmyadmin:phpmyadmin:3.1.4
...

oval:org.secpod.oval:def:600595

© SecPod Technologies