National Cyber Awareness System

Vulnerability Summary for CVE-2011-2506

Overview

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

Type: Advisory; Patch Information

Hyperlink:http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

External Source: CONFIRM

Name: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Type: Patch Information

Hyperlink:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

External Source: MISC

Name: http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Hyperlink:http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

External Source: BUGTRAQ

Name: 20110707 phpMyAdmin 3.x Multiple Remote Code Executions

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/518804/100/0/threaded

External Source: OSVDB

Name: 73612

Hyperlink:http://www.osvdb.org/73612

External Source: MLIST

Name: [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/29/11

External Source: MLIST

Name: [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/8

External Source: MLIST

Name: [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/6

External Source: MLIST

Name: [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/2

External Source: MANDRIVA

Name: MDVSA-2011:124

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

External Source: EXPLOIT-DB

Name: 17514

Hyperlink:http://www.exploit-db.com/exploits/17514/

External Source: DEBIAN

Name: DSA-2286

Hyperlink:http://www.debian.org/security/2011/dsa-2286

External Source: CONFIRM

Name: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Hyperlink:http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

External Source: SREASON

Name: 8306

Hyperlink:http://securityreason.com/securityalert/8306

External Source: SECUNIA

Name: 45315

Hyperlink:http://secunia.com/advisories/45315

External Source: SECUNIA

Name: 45292

Hyperlink:http://secunia.com/advisories/45292

External Source: SECUNIA

Name: 45139

Type: Advisory

Hyperlink:http://secunia.com/advisories/45139

External Source: FEDORA

Name: FEDORA-2011-9144

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

External Source: MISC

Name: http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Hyperlink:http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html