Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2011-AVI-380
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans phpMyAdmin permettent à un utilisateur distant d'exécuter du code arbitraire, de porter atteinte à l'intégrité ou à la confidentialité de certaines données.
Description
Plusieurs vulnérabilités sont présentes dans phpMyAdmin :
- la première permet de modifier le contenu de certaines variables de session et ce faisant d'exécuter du code arbitraire ;
- la seconde concerne un manque de contrôle sur certaines URL passées au serveur et permet d'exécuter du code arbitraire à distance ;
- la troisième vulnérabilité relative à un manque de contrôle des expressions régulières permet de conduire des attaques de type traversée de répertoire ;
- la dernière concerne également un problème de traversée de répertoire lié à la gestion de certains types MIME.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 3.4.3.0 et antérieures. | ||
| phpMyAdmin | phpMyAdmin | phpMyAdmin versions 3.3.10.1 et antérieures ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "phpMyAdmin versions 3.4.3.0 et ant\u00e9rieures.",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
},
{
"description": "phpMyAdmin versions 3.3.10.1 et ant\u00e9rieures ;",
"product": {
"name": "phpMyAdmin",
"vendor": {
"name": "phpMyAdmin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans phpMyAdmin :\n\n- la premi\u00e8re permet de modifier le contenu de certaines variables de\n session et ce faisant d\u0027ex\u00e9cuter du code arbitraire ;\n- la seconde concerne un manque de contr\u00f4le sur certaines URL pass\u00e9es\n au serveur et permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n- la troisi\u00e8me vuln\u00e9rabilit\u00e9 relative \u00e0 un manque de contr\u00f4le des\n expressions r\u00e9guli\u00e8res permet de conduire des attaques de type\n travers\u00e9e de r\u00e9pertoire ;\n- la derni\u00e8re concerne \u00e9galement un probl\u00e8me de travers\u00e9e de\n r\u00e9pertoire li\u00e9 \u00e0 la gestion de certains types MIME.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2508",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2508"
},
{
"name": "CVE-2011-2505",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2505"
},
{
"name": "CVE-2011-2506",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2506"
},
{
"name": "CVE-2011-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2507"
}
],
"initial_release_date": "2011-07-05T00:00:00",
"last_revision_date": "2011-07-05T00:00:00",
"links": [
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-7 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-6 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-5 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin PMASA-2011-8 du 02 juillet 2011 :",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"
}
],
"reference": "CERTA-2011-AVI-380",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-07-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans phpMyAdmin permettent \u00e0 un utilisateur\ndistant d\u0027ex\u00e9cuter du code arbitraire, de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9\nou \u00e0 la confidentialit\u00e9 de certaines donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans phpMyAdmin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 phpMyAdmin du 03 juillet 2011",
"url": null
}
]
}
CVE-2011-2506 (GCVE-0-2011-2506)
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45139"
},
{
"name": "17514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "73612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73612"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45139"
},
{
"name": "17514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "73612",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73612"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
"refsource": "MISC",
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php"
},
{
"name": "45292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f"
},
{
"name": "45139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45139"
},
{
"name": "17514",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "73612",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73612"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
"refsource": "MISC",
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2506",
"datePublished": "2011-07-14T23:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2505 (GCVE-0-2011-2505)
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45139"
},
{
"name": "73611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"
},
{
"name": "17514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45139"
},
{
"name": "73611",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"
},
{
"name": "17514",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a \"remote variable manipulation vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
"refsource": "MISC",
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php"
},
{
"name": "45139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45139"
},
{
"name": "73611",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73611"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967"
},
{
"name": "17514",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17514/"
},
{
"name": "DSA-2286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
"refsource": "MISC",
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2505",
"datePublished": "2011-07-14T23:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2507 (GCVE-0-2011-2507)
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "73613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "73613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
"refsource": "MISC",
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "45292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "MDVSA-2011:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
},
{
"name": "45139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45139"
},
{
"name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
"refsource": "MISC",
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
},
{
"name": "DSA-2286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
"refsource": "MISC",
"url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "73613",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73613"
},
{
"name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
"refsource": "MISC",
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2507",
"datePublished": "2011-07-14T23:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2508 (GCVE-0-2011-2508)
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:34.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "73614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73614"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta-\u003ename][transformation] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"
},
{
"name": "45292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "73614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73614"
},
{
"name": "MDVSA-2011:124",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "45139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7"
},
{
"name": "DSA-2286",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta-\u003ename][transformation] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
"refsource": "MISC",
"url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
},
{
"name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php"
},
{
"name": "45292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45292"
},
{
"name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
},
{
"name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
},
{
"name": "73614",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73614"
},
{
"name": "MDVSA-2011:124",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
},
{
"name": "8306",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8306"
},
{
"name": "45139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45139"
},
{
"name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7",
"refsource": "CONFIRM",
"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7"
},
{
"name": "DSA-2286",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2286"
},
{
"name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
},
{
"name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
},
{
"name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
"refsource": "MISC",
"url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
},
{
"name": "45315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45315"
},
{
"name": "FEDORA-2011-9144",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2508",
"datePublished": "2011-07-14T23:00:00",
"dateReserved": "2011-06-15T00:00:00",
"dateUpdated": "2024-08-06T23:00:34.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…