Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2505

HistoryJul 14, 2011 - 11:55 p.m.

Authentication flaw

2011-07-1423:55:00

PRIOn knowledge base

www.prio-n.com

2

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.14 Low

EPSS

Percentile

95.5%

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a “remote variable manipulation vulnerability.”

CPENameOperatorVersion
phpmyadmineq3.0.1.1
phpmyadmineq3.2.1
phpmyadmineq3.3.10.0
phpmyadmineq3.1.4
phpmyadmineq3.1.3
phpmyadmineq3.3.8.1
phpmyadmineq3.2.0
phpmyadmineq3.3.10.1
phpmyadmineq3.2.1 rc1
phpmyadmineq3.1.2

Rows per page:

1-10 of 481

References

ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

secunia.com/advisories/45139

secunia.com/advisories/45292

secunia.com/advisories/45315

securityreason.com/securityalert/8306

typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

www.debian.org/security/2011/dsa-2286

www.mandriva.com/security/advisories?name=MDVSA-2011:124

www.openwall.com/lists/oss-security/2011/06/28/2

www.openwall.com/lists/oss-security/2011/06/28/6

www.openwall.com/lists/oss-security/2011/06/28/8

www.openwall.com/lists/oss-security/2011/06/29/11

www.osvdb.org/73611

www.securityfocus.com/archive/1/518804/100/0/threaded

www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

www.exploit-db.com/exploits/17514/

www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.14 Low

EPSS

Percentile

95.5%

Related for PRION:CVE-2011-2505

ubuntucve2 cve2 github1 phpmyadmin1 checkpoint_advisories1 debiancve2 seebug5 osv2 exploitpack2 prion1 packetstorm3 thn2 threatpost1 dsquare1 exploitdb2 nessus5 openvas10 freebsd1 securityvulns3 debian1 gentoo1