Lucene search

K
cveRedhatCVE-2011-2507
HistoryJul 14, 2011 - 11:55 p.m.

CVE-2011-2507

2011-07-1423:55:04
CWE-94
redhat
web.nvd.nist.gov
47
cve-2011-2507
phpmyadmin
synchronize
code injection
remote exploit
security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.166

Percentile

96.0%

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

Affected configurations

Nvd
Node
phpmyadminphpmyadminMatch3.0.0
OR
phpmyadminphpmyadminMatch3.0.0alpha
OR
phpmyadminphpmyadminMatch3.0.0beta
OR
phpmyadminphpmyadminMatch3.0.0rc1
OR
phpmyadminphpmyadminMatch3.0.1
OR
phpmyadminphpmyadminMatch3.0.1rc1
OR
phpmyadminphpmyadminMatch3.0.1.1
OR
phpmyadminphpmyadminMatch3.1.0
OR
phpmyadminphpmyadminMatch3.1.0beta1
OR
phpmyadminphpmyadminMatch3.1.1
OR
phpmyadminphpmyadminMatch3.1.1rc1
OR
phpmyadminphpmyadminMatch3.1.2
OR
phpmyadminphpmyadminMatch3.1.2rc1
OR
phpmyadminphpmyadminMatch3.1.3
OR
phpmyadminphpmyadminMatch3.1.3rc1
OR
phpmyadminphpmyadminMatch3.1.3.1
OR
phpmyadminphpmyadminMatch3.1.3.2
OR
phpmyadminphpmyadminMatch3.1.4
OR
phpmyadminphpmyadminMatch3.1.4rc2
OR
phpmyadminphpmyadminMatch3.1.5
OR
phpmyadminphpmyadminMatch3.1.5rc1
OR
phpmyadminphpmyadminMatch3.2.0
OR
phpmyadminphpmyadminMatch3.2.0beta1
OR
phpmyadminphpmyadminMatch3.2.0rc1
OR
phpmyadminphpmyadminMatch3.2.1
OR
phpmyadminphpmyadminMatch3.2.1rc1
OR
phpmyadminphpmyadminMatch3.2.2
OR
phpmyadminphpmyadminMatch3.2.2rc1
OR
phpmyadminphpmyadminMatch3.3.0.0
OR
phpmyadminphpmyadminMatch3.3.1.0
OR
phpmyadminphpmyadminMatch3.3.2.0
OR
phpmyadminphpmyadminMatch3.3.3.0
OR
phpmyadminphpmyadminMatch3.3.4.0
OR
phpmyadminphpmyadminMatch3.3.5.0
OR
phpmyadminphpmyadminMatch3.3.5.1
OR
phpmyadminphpmyadminMatch3.3.6
OR
phpmyadminphpmyadminMatch3.3.7
OR
phpmyadminphpmyadminMatch3.3.8
OR
phpmyadminphpmyadminMatch3.3.8.1
OR
phpmyadminphpmyadminMatch3.3.9.0
OR
phpmyadminphpmyadminMatch3.3.9.1
OR
phpmyadminphpmyadminMatch3.3.9.2
OR
phpmyadminphpmyadminMatch3.3.10.0
OR
phpmyadminphpmyadminMatch3.3.10.1
Node
phpmyadminphpmyadminMatch3.4.0.0
OR
phpmyadminphpmyadminMatch3.4.1.0
OR
phpmyadminphpmyadminMatch3.4.2.0
OR
phpmyadminphpmyadminMatch3.4.3.0
VendorProductVersionCPE
phpmyadminphpmyadmin3.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.1cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.1cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*
phpmyadminphpmyadmin3.0.1.1cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.1.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.1.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*
phpmyadminphpmyadmin3.1.1cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 481

References

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.3

Confidence

High

EPSS

0.166

Percentile

96.0%