Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2011-2505
Last Modified: 25 Oct 2011 10:59:51
Published: 14 Jul 2011 07:55:04
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2505

Summary

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

Vulnerable Systems

Application

  • phpMyAdmin 3.0.0
  • phpMyAdmin 3.0.1
  • phpMyAdmin 3.0.1.1
  • phpMyAdmin 3.1.0
  • phpMyAdmin 3.1.1
  • phpMyAdmin 3.1.2
  • phpMyAdmin 3.1.3
  • phpMyAdmin 3.1.3.1
  • phpMyAdmin 3.1.3.2
  • phpMyAdmin 3.1.4
  • phpMyAdmin 3.1.5
  • phpMyAdmin 3.2.0
  • phpMyAdmin 3.2.1
  • phpMyAdmin 3.2.2
  • phpMyAdmin 3.3.0.0
  • phpMyAdmin 3.3.1.0
  • phpMyAdmin 3.3.10.0
  • phpMyAdmin 3.3.10.1
  • phpMyAdmin 3.3.2.0
  • phpMyAdmin 3.3.3.0
  • phpMyAdmin 3.3.4.0
  • phpMyAdmin 3.3.5.0
  • phpMyAdmin 3.3.5.1
  • phpMyAdmin 3.3.6
  • phpMyAdmin 3.3.7
  • phpMyAdmin 3.3.8
  • phpMyAdmin 3.3.8.1
  • phpMyAdmin 3.3.9.0
  • phpMyAdmin 3.3.9.1
  • phpMyAdmin 3.3.9.2
  • phpMyAdmin 3.4.0.0
  • phpMyAdmin 3.4.1.0
  • phpMyAdmin 3.4.2.0
  • phpMyAdmin 3.4.3.0


References

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

MISC - http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

BUGTRAQ - 20110707 phpMyAdmin 3.x Multiple Remote Code Executions

OSVDB - 73611

MLIST - [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MANDRIVA - MDVSA-2011:124

EXPLOIT-DB - 17514

DEBIAN - DSA-2286

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

SREASON - 8306

SECUNIA - 45315

SECUNIA - 45292

SECUNIA - 45139

FEDORA - FEDORA-2011-9144

MISC - http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html


Last Updated: 27 May 2016 10:57:02