Lucene search

K

RedhatCVELIST:CVE-2011-2505

HistoryJul 14, 2011 - 11:00 p.m.

CVE-2011-2505

2011-07-1423:00:00

redhat

www.cve.org

4

AI Score

6.5

Confidence

High

EPSS

0.14

Percentile

95.7%

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a “remote variable manipulation vulnerability.”

References

ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

secunia.com/advisories/45139

secunia.com/advisories/45292

secunia.com/advisories/45315

securityreason.com/securityalert/8306

typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

www.debian.org/security/2011/dsa-2286

www.exploit-db.com/exploits/17514/

www.mandriva.com/security/advisories?name=MDVSA-2011:124

www.openwall.com/lists/oss-security/2011/06/28/2

www.openwall.com/lists/oss-security/2011/06/28/6

www.openwall.com/lists/oss-security/2011/06/28/8

www.openwall.com/lists/oss-security/2011/06/29/11

www.osvdb.org/73611

www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

www.securityfocus.com/archive/1/518804/100/0/threaded

www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

AI Score

6.5

Confidence

High

EPSS

0.14

Percentile

95.7%

Related for CVELIST:CVE-2011-2505