Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2507

HistoryJul 14, 2011 - 11:55 p.m.

Code injection

2011-07-1423:55:00

PRIOn knowledge base

www.prio-n.com

6

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.166 Low

EPSS

Percentile

95.9%

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

CPENameOperatorVersion
phpmyadmineq3.0.1.1
phpmyadmineq3.2.1
phpmyadmineq3.3.10.0
phpmyadmineq3.1.4
phpmyadmineq3.1.3
phpmyadmineq3.3.8.1
phpmyadmineq3.2.0
phpmyadmineq3.3.10.1
phpmyadmineq3.2.1 rc1
phpmyadmineq3.1.2

Rows per page:

1-10 of 481

References

ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html

phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff

secunia.com/advisories/45139

secunia.com/advisories/45292

secunia.com/advisories/45315

securityreason.com/securityalert/8306

typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

www.debian.org/security/2011/dsa-2286

www.mandriva.com/security/advisories?name=MDVSA-2011:124

www.openwall.com/lists/oss-security/2011/06/28/2

www.openwall.com/lists/oss-security/2011/06/28/6

www.openwall.com/lists/oss-security/2011/06/28/8

www.openwall.com/lists/oss-security/2011/06/29/11

www.osvdb.org/73613

www.securityfocus.com/archive/1/518804/100/0/threaded

www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

www.phpmyadmin.net/home_page/security/PMASA-2011-7.php

7.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.166 Low

EPSS

Percentile

95.9%

Related for PRION:CVE-2011-2507

debiancve1 ubuntucve1 cve1 phpmyadmin1 dsquare1 nessus5 securityvulns3 openvas10 packetstorm1 seebug2 freebsd1 osv1 debian1 gentoo1