Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-2506
Last Modified 25 Oct 2011 10:59:51
Published 14 Jul 2011 07:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2506

Summary

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Vulnerable Systems

Application

  • Phpmyadmin 3.0.0

  • Phpmyadmin 3.0.1

  • Phpmyadmin 3.0.1.1

  • Phpmyadmin 3.1.0

  • Phpmyadmin 3.1.1

  • Phpmyadmin 3.1.2

  • Phpmyadmin 3.1.3

  • Phpmyadmin 3.1.3.1

  • Phpmyadmin 3.1.3.2

  • Phpmyadmin 3.1.4

  • Phpmyadmin 3.1.5

  • Phpmyadmin 3.2.0

  • Phpmyadmin 3.2.1

  • Phpmyadmin 3.2.2

  • Phpmyadmin 3.3.0.0

  • Phpmyadmin 3.3.1.0

  • Phpmyadmin 3.3.10.0

  • Phpmyadmin 3.3.10.1

  • Phpmyadmin 3.3.2.0

  • Phpmyadmin 3.3.3.0

  • Phpmyadmin 3.3.4.0

  • Phpmyadmin 3.3.5.0

  • Phpmyadmin 3.3.5.1

  • Phpmyadmin 3.3.6

  • Phpmyadmin 3.3.7

  • Phpmyadmin 3.3.8

  • Phpmyadmin 3.3.8.1

  • Phpmyadmin 3.3.9.0

  • Phpmyadmin 3.3.9.1

  • Phpmyadmin 3.3.9.2

  • Phpmyadmin 3.4.0.0

  • Phpmyadmin 3.4.1.0

  • Phpmyadmin 3.4.2.0

  • Phpmyadmin 3.4.3.0


References

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

MISC - http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

BUGTRAQ - 20110707 phpMyAdmin 3.x Multiple Remote Code Executions

OSVDB - 73612

MLIST - [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MANDRIVA - MDVSA-2011:124

EXPLOIT-DB - 17514

DEBIAN - DSA-2286

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

SREASON - 8306

SECUNIA - 45315

SECUNIA - 45292

SECUNIA - 45139

FEDORA - FEDORA-2011-9144

MISC - http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html


Last Updated: 27 May 2016 10:57:02