Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-3055
HistoryAug 24, 2010 - 12:00 a.m.

CVE-2010-3055

2010-08-2400:00:00
ubuntu.com
ubuntu.com
18

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.101

Percentile

94.9%

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x
before 2.11.10.1 does not properly restrict key names in its output file,
which allows remote attackers to execute arbitrary PHP code via a crafted
POST request.

Notes

Author Note
kees only 2.x series

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.101

Percentile

94.9%