cvelistv5 - cve-2011-2507

CVE-2011-2507 (GCVE-0-2011-2507)

Vulnerability from cvelistv5

Published

2011-07-14 23:00

Modified

2024-08-06 23:00

Severity ?

CWE

Summary

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

References

URL

Tags

secalert@redhat.com	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
secalert@redhat.com	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
secalert@redhat.com	http://secunia.com/advisories/45139	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45292
secalert@redhat.com	http://secunia.com/advisories/45315
secalert@redhat.com	http://securityreason.com/securityalert/8306
secalert@redhat.com	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2286
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/6
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/8
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/29/11
secalert@redhat.com	http://www.osvdb.org/73613
secalert@redhat.com	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/518804/100/0/threaded
secalert@redhat.com	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
af854a3a-2127-422b-91ae-364da2661108	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
af854a3a-2127-422b-91ae-364da2661108	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45139	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45292
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45315
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8306
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2286
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/8
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/29/11
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/73613
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518804/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
          },
          {
            "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
          },
          {
            "name": "45292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45292"
          },
          {
            "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
          },
          {
            "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
          },
          {
            "name": "MDVSA-2011:124",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
          },
          {
            "name": "8306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
          },
          {
            "name": "45139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
          },
          {
            "name": "DSA-2286",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2286"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
          },
          {
            "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
          },
          {
            "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
          },
          {
            "name": "73613",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/73613"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
          },
          {
            "name": "45315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45315"
          },
          {
            "name": "FEDORA-2011-9144",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
        },
        {
          "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
        },
        {
          "name": "45292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45292"
        },
        {
          "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
        },
        {
          "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
        },
        {
          "name": "MDVSA-2011:124",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
        },
        {
          "name": "8306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
        },
        {
          "name": "45139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
        },
        {
          "name": "DSA-2286",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2286"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
        },
        {
          "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
        },
        {
          "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
        },
        {
          "name": "73613",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/73613"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
        },
        {
          "name": "45315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45315"
        },
        {
          "name": "FEDORA-2011-9144",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
              "refsource": "MISC",
              "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
            },
            {
              "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
            },
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
              "refsource": "CONFIRM",
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
            },
            {
              "name": "45292",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45292"
            },
            {
              "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
              "refsource": "CONFIRM",
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
            },
            {
              "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
            },
            {
              "name": "MDVSA-2011:124",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
            },
            {
              "name": "8306",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8306"
            },
            {
              "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
              "refsource": "CONFIRM",
              "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
            },
            {
              "name": "45139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45139"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
              "refsource": "MISC",
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
            },
            {
              "name": "DSA-2286",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2286"
            },
            {
              "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
              "refsource": "MISC",
              "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
            },
            {
              "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
            },
            {
              "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
            },
            {
              "name": "73613",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/73613"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
              "refsource": "MISC",
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
            },
            {
              "name": "45315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45315"
            },
            {
              "name": "FEDORA-2011-9144",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2507",
    "datePublished": "2011-07-14T23:00:00",
    "dateReserved": "2011-06-15T00:00:00",
    "dateUpdated": "2024-08-06T23:00:34.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-2507\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-07-14T23:55:04.973\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.\"},{\"lang\":\"es\",\"value\":\"libraries/server_synchronize.lib.php en la implementaci\u00f3n Synchronize en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no entrecomilla correctamente las expresiones regulares, permitiendo a usuarios remotos autenticados inyectar  PCRE  (conocido como PREG_REPLACE_EVAL) y ejecutar c\u00f3digo PHP arbitrario, mediante la modificaci\u00f3n del array superglobal SESI\u00d3N.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED38B88-A4D2-40B4-A5A8-A9FD1BCAAF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E5D29CC-12CE-43D3-A135-C148542E5AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF28FF5-6FF5-47D8-BEB9-D54E58C0740F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"613C697A-7CFF-4529-BD15-0ED4B753527A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56908EFC-CCA8-4B22-8F8F-FB23C934D6E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"82DFC89B-F989-41C5-87E2-11A259E7F5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21917E9-A820-4A5F-B38B-E3E0F79A380C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400E2D41-CB1F-4E5C-B08D-35294F8D1402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16247466-32B5-4632-9F4E-92A70ED9604D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F72014B-B168-4FFA-ADDC-86CE84D19681\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"72CD1784-3F48-49B5-A154-61C1F7EC3F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"278B4EF3-4331-4334-AB55-EC05C069F48A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4943CF80-91E5-42CD-BD51-6CAFC83EA5A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0284F72-2126-4BE8-90CA-82D2E4B3E96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C24AEFB1-7070-4F9B-BCDA-60F33C17D536\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8D735F4-165E-45C9-BF3B-9B618A8E3720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E60F6F-C855-45BF-8840-398FA62626EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4EDCE1E-436A-4369-A734-7D620F5D89B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98051D18-43E3-47D6-A8D4-AD9F0C8B0A7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B468BEA-022D-48A9-8E52-31D78F28E871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"78BC489B-E02E-4C6E-9EA1-EDC926EBA5BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDCB1657-8C8F-44FE-8C1D-BF191DE70657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F44A77-1169-4A0D-8864-EB7AF56324AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE0CFF97-8F8B-405D-BA59-B88C1C07A4C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA3C0B46-3964-4A22-9AD4-4F4C8B4B4790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84100813-C889-4DB0-8D86-E78A047B7C7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B99F558E-F696-467D-8C8B-5CFFED2A95D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85BA84E5-8631-478C-8229-CFF36F61569A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77430AB8-6EAA-4C99-9700-E5015F8D56FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CFADB43-A63B-4A58-9A9D-232B0CA3F9DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89FC756B-8CF7-4F57-A6AA-8C074F14BCA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE1361B-D70B-45B9-BD2F-7C049D96928A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06EE0CCB-559F-457B-A1EC-79D0680DCDD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00826A60-50A4-4E05-B317-8D0A5FC637BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC1AECC-6521-4D9D-88D5-86DA8BDB1D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79093150-F515-42D9-AEF2-86C0C4B1B8AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE65F49-CDED-49B0-89F4-CE52E357069A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B29D2E6-F327-4B19-B33F-E888F8B81E7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C579327-8F92-41AF-926A-86442063A83D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C3F84C4-883B-48DC-9181-E54A87DC973B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C10C216-594B-4F08-B86E-A476A452189B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C714361-7AE3-4DC2-994C-7C67B41226B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3CED16-3ECE-49F6-A52B-0222B14DBC88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4938BCE-1365-469A-B714-A5D9C451FA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35F46942-E054-43E4-9543-E126738845E2\"}]}]}],\"references\":[{\"url\":\"http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/45139\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45292\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/45315\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/8306\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2286\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/8\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/29/11\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/73613\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/518804/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/45139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/45292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/45315\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2286\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/28/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/06/29/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/73613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/518804/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-380

Vulnerability from certfr_avis

Plusieurs vulnérabilités dans phpMyAdmin permettent à un utilisateur distant d'exécuter du code arbitraire, de porter atteinte à l'intégrité ou à la confidentialité de certaines données.

Description

Plusieurs vulnérabilités sont présentes dans phpMyAdmin :

la première permet de modifier le contenu de certaines variables de session et ce faisant d'exécuter du code arbitraire ;
la seconde concerne un manque de contrôle sur certaines URL passées au serveur et permet d'exécuter du code arbitraire à distance ;
la troisième vulnérabilité relative à un manque de contrôle des expressions régulières permet de conduire des attaques de type traversée de répertoire ;
la dernière concerne également un problème de traversée de répertoire lié à la gestion de certains types MIME.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.4.3.0 et antérieures.
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.3.10.1 et antérieures ;

References

Title

Publication Time

ghsa-rm5v-f378-qgp9

Vulnerability from github

Published

2022-05-14 02:55

Modified

2025-04-11 03:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-07-14T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
  "id": "GHSA-rm5v-f378-qgp9",
  "modified": "2025-04-11T03:48:37Z",
  "published": "2022-05-14T02:55:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2507"
    },
    {
      "type": "WEB",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "type": "WEB",
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "type": "WEB",
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "type": "WEB",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2011-2507

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-2507

Aliases

CVE-2011-2507

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2507",
    "description": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
    "id": "GSD-2011-2507",
    "references": [
      "https://www.debian.org/security/2011/dsa-2286",
      "https://packetstormsecurity.com/files/cve/CVE-2011-2507"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2507"
      ],
      "details": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
      "id": "GSD-2011-2507",
      "modified": "2023-12-13T01:19:07.222333Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2507",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
            "refsource": "MISC",
            "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
          },
          {
            "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
          },
          {
            "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
            "refsource": "CONFIRM",
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
          },
          {
            "name": "45292",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45292"
          },
          {
            "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
          },
          {
            "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
            "refsource": "CONFIRM",
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
          },
          {
            "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
          },
          {
            "name": "MDVSA-2011:124",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
          },
          {
            "name": "8306",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8306"
          },
          {
            "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
            "refsource": "CONFIRM",
            "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
          },
          {
            "name": "45139",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45139"
          },
          {
            "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
            "refsource": "MISC",
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
          },
          {
            "name": "DSA-2286",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2286"
          },
          {
            "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
            "refsource": "MISC",
            "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
          },
          {
            "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
          },
          {
            "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
          },
          {
            "name": "73613",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/73613"
          },
          {
            "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
            "refsource": "MISC",
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
          },
          {
            "name": "45315",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45315"
          },
          {
            "name": "FEDORA-2011-9144",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2507"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
            },
            {
              "name": "45139",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/45139"
            },
            {
              "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
            },
            {
              "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
            },
            {
              "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
            },
            {
              "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
            },
            {
              "name": "73613",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/73613"
            },
            {
              "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
            },
            {
              "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
            },
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
            },
            {
              "name": "FEDORA-2011-9144",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
            },
            {
              "name": "45292",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45292"
            },
            {
              "name": "DSA-2286",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2286"
            },
            {
              "name": "45315",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45315"
            },
            {
              "name": "8306",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8306"
            },
            {
              "name": "MDVSA-2011:124",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
            },
            {
              "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:32Z",
      "publishedDate": "2011-07-14T23:55Z"
    }
  }
}

fkie_cve-2011-2507

Vulnerability from fkie_nvd

Published

2011-07-14 23:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
secalert@redhat.com	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
secalert@redhat.com	http://secunia.com/advisories/45139	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45292
secalert@redhat.com	http://secunia.com/advisories/45315
secalert@redhat.com	http://securityreason.com/securityalert/8306
secalert@redhat.com	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2286
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/6
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/8
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/29/11
secalert@redhat.com	http://www.osvdb.org/73613
secalert@redhat.com	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/518804/100/0/threaded
secalert@redhat.com	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
af854a3a-2127-422b-91ae-364da2661108	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
af854a3a-2127-422b-91ae-364da2661108	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45139	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45292
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45315
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8306
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2286
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/8
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/29/11
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/73613
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518804/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Impacted products

Vendor	Product	Version
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.1
phpmyadmin	phpmyadmin	3.0.1
phpmyadmin	phpmyadmin	3.0.1.1
phpmyadmin	phpmyadmin	3.1.0
phpmyadmin	phpmyadmin	3.1.0
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.3
phpmyadmin	phpmyadmin	3.1.3
phpmyadmin	phpmyadmin	3.1.3.1
phpmyadmin	phpmyadmin	3.1.3.2
phpmyadmin	phpmyadmin	3.1.4
phpmyadmin	phpmyadmin	3.1.4
phpmyadmin	phpmyadmin	3.1.5
phpmyadmin	phpmyadmin	3.1.5
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.1
phpmyadmin	phpmyadmin	3.2.1
phpmyadmin	phpmyadmin	3.2.2
phpmyadmin	phpmyadmin	3.2.2
phpmyadmin	phpmyadmin	3.3.0.0
phpmyadmin	phpmyadmin	3.3.1.0
phpmyadmin	phpmyadmin	3.3.2.0
phpmyadmin	phpmyadmin	3.3.3.0
phpmyadmin	phpmyadmin	3.3.4.0
phpmyadmin	phpmyadmin	3.3.5.0
phpmyadmin	phpmyadmin	3.3.5.1
phpmyadmin	phpmyadmin	3.3.6
phpmyadmin	phpmyadmin	3.3.7
phpmyadmin	phpmyadmin	3.3.8
phpmyadmin	phpmyadmin	3.3.8.1
phpmyadmin	phpmyadmin	3.3.9.0
phpmyadmin	phpmyadmin	3.3.9.1
phpmyadmin	phpmyadmin	3.3.9.2
phpmyadmin	phpmyadmin	3.3.10.0
phpmyadmin	phpmyadmin	3.3.10.1
phpmyadmin	phpmyadmin	3.4.0.0
phpmyadmin	phpmyadmin	3.4.1.0
phpmyadmin	phpmyadmin	3.4.2.0
phpmyadmin	phpmyadmin	3.4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED38B88-A4D2-40B4-A5A8-A9FD1BCAAF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "5E5D29CC-12CE-43D3-A135-C148542E5AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "BAF28FF5-6FF5-47D8-BEB9-D54E58C0740F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "613C697A-7CFF-4529-BD15-0ED4B753527A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56908EFC-CCA8-4B22-8F8F-FB23C934D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "82DFC89B-F989-41C5-87E2-11A259E7F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21917E9-A820-4A5F-B38B-E3E0F79A380C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "400E2D41-CB1F-4E5C-B08D-35294F8D1402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "16247466-32B5-4632-9F4E-92A70ED9604D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F72014B-B168-4FFA-ADDC-86CE84D19681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72CD1784-3F48-49B5-A154-61C1F7EC3F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "278B4EF3-4331-4334-AB55-EC05C069F48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4943CF80-91E5-42CD-BD51-6CAFC83EA5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0284F72-2126-4BE8-90CA-82D2E4B3E96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24AEFB1-7070-4F9B-BCDA-60F33C17D536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E8D735F4-165E-45C9-BF3B-9B618A8E3720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E60F6F-C855-45BF-8840-398FA62626EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4EDCE1E-436A-4369-A734-7D620F5D89B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98051D18-43E3-47D6-A8D4-AD9F0C8B0A7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6B468BEA-022D-48A9-8E52-31D78F28E871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78BC489B-E02E-4C6E-9EA1-EDC926EBA5BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDCB1657-8C8F-44FE-8C1D-BF191DE70657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35F44A77-1169-4A0D-8864-EB7AF56324AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0CFF97-8F8B-405D-BA59-B88C1C07A4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BA3C0B46-3964-4A22-9AD4-4F4C8B4B4790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84100813-C889-4DB0-8D86-E78A047B7C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B99F558E-F696-467D-8C8B-5CFFED2A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BA84E5-8631-478C-8229-CFF36F61569A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77430AB8-6EAA-4C99-9700-E5015F8D56FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFADB43-A63B-4A58-9A9D-232B0CA3F9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FC756B-8CF7-4F57-A6AA-8C074F14BCA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE1361B-D70B-45B9-BD2F-7C049D96928A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EE0CCB-559F-457B-A1EC-79D0680DCDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00826A60-50A4-4E05-B317-8D0A5FC637BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC1AECC-6521-4D9D-88D5-86DA8BDB1D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79093150-F515-42D9-AEF2-86C0C4B1B8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE65F49-CDED-49B0-89F4-CE52E357069A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B29D2E6-F327-4B19-B33F-E888F8B81E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C579327-8F92-41AF-926A-86442063A83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3F84C4-883B-48DC-9181-E54A87DC973B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C10C216-594B-4F08-B86E-A476A452189B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
    },
    {
      "lang": "es",
      "value": "libraries/server_synchronize.lib.php en la implementaci\u00f3n Synchronize en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no entrecomilla correctamente las expresiones regulares, permitiendo a usuarios remotos autenticados inyectar  PCRE  (conocido como PREG_REPLACE_EVAL) y ejecutar c\u00f3digo PHP arbitrario, mediante la modificaci\u00f3n del array superglobal SESI\u00d3N."
    }
  ],
  "id": "CVE-2011-2507",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-14T23:55:04.973",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-2507 (GCVE-0-2011-2507)

Vulnerability from cvelistv5

CERTA-2011-AVI-380

Vulnerability from certfr_avis

Description

Solution

ghsa-rm5v-f378-qgp9

Vulnerability from github

gsd-2011-2507

Vulnerability from gsd

fkie_cve-2011-2507

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature