FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2506

This CVE name corresponds to:

Entered Topic
2011-07-03 phpmyadmin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-2506
Phase Assigned (20110615)

Description

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

References

Source Reference
BUGTRAQ 20110707 phpMyAdmin 3.x Multiple Remote Code Executions
EXPLOIT-DB 17514
MLIST [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MISC http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
MISC http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
CONFIRM http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f
CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
DEBIAN DSA-2286
FEDORA FEDORA-2011-9144
MANDRIVA MDVSA-2011:124
OSVDB 73612
SECUNIA 45139
SECUNIA 45292
SECUNIA 45315
SREASON 8306