FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2505

This CVE name corresponds to:

Entered: 2011-07-03
Topic: phpmyadmin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-2505
Phase: Assigned (20110615)

Description

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

References

Source Reference
BUGTRAQ 20110707 phpMyAdmin 3.x Multiple Remote Code Executions
EXPLOIT-DB 17514
MLIST [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MISC http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
MISC http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
CONFIRM http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
DEBIAN DSA-2286
FEDORA FEDORA-2011-9144
MANDRIVA MDVSA-2011:124
OSVDB 73611
SECUNIA 45139
SECUNIA 45292
SECUNIA 45315
SREASON 8306