CVE-2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...

Authentication flaw

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...

Directory traversal

Directory traversal vulnerability in libraries/displaytbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in a...

CVE-2011-2507

libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...

CVE-2011-2508

Directory traversal vulnerability in libraries/displaytbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in a...

Code injection

libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...

CVE-2011-2505

Summary: CVE-2011-2505 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. The Swekey authentication flow can assign values to arbitrary parameters in the query string, enabling remote manipulation of the SESSION superglobal via a crafted request (remote variable manipulation vulnera...

CVE-2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...

CVE-2011-2505

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...

CVE-2011-2507

libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...

CVE-2011-2506

CVE-2011-2506 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. Root cause: setup/lib/ConfigGenerator.class.php does not properly restrict closing comment delimiters, enabling remote attackers to perform static code injection by manipulating the SESSION superglobal. Impact: remote ...

CVE-2011-2507

CVE-2011-2507 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. The vulnerability stems from improper quoting of regular expressions in libraries/server_synchronize.lib.php, allowing a remote authenticated user to inject a PCRE_EVAL modifier via a modified SESSION array and execute...

CVE-2011-2508

Directory traversal vulnerability in libraries/displaytbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in a...

CVE-2011-2508

Directory traversal vulnerability in libraries/displaytbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot in a...

CVE-2011-2508

CVE-2011-2508 affects phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1. A directory traversal via a crafted GLOBALS[mime_map][$meta->name][transformation] parameter allows remote authenticated users to perform local file inclusion and potentially execute local files. Root cause: insecur...

CVE-2011-2505

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted...

CVE-2011-2507

libraries/serversynchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e aka PREGREPLACEEVAL modifier, and consequently execute arbitrary...

CVE-2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal...

phpMyAdmin 3.3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 Multiple Vulnerabilities

Binary data 5985.prm...

phpMyAdmin 3.x Multiple Remote Code Executions

phpMyAdmin 3.x Multiple Remote Code Executions Advisory from . '::'::''. '..' &16...