Lucene search
Ubuntu.comUB:CVE-2010-3055HistoryAug 24, 2010 - 12:00 a.m.
CVE-2010-3055
2010-08-2400:00:00
ubuntu.com
ubuntu.com
13
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.101 Low
EPSS
Percentile
94.9%
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x
before 2.11.10.1 does not properly restrict key names in its output file,
which allows remote attackers to execute arbitrary PHP code via a crafted
POST request.
Notes
| Author | Note |
|---|---|
| kees | only 2.x series |
Related
cve
cve
CVE-2010-3055
2010-08-24 20:00:00
nessus
nessus
phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)
2010-08-27 00:00:00
Debian DSA-2097-1 : phpmyadmin - insufficient input sanitising
2010-08-30 00:00:00
GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities
2012-01-05 00:00:00
debiancve
debiancve
CVE-2010-3055
2010-08-24 20:00:00
phpmyadmin
phpmyadmin
Insufficient output sanitizing when generating configuration file.
2010-08-20 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-08-24 20:00:00
openvas
openvas
Debian Security Advisory DSA 2097-2 (phpmyadmin)
2010-10-10 00:00:00
Debian: Security Advisory (DSA-2097-1)
2010-10-10 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 2097-1] New phpmyadmin packages fix several vulnerabilities
2010-08-29 10:27:06
[SECURITY] [DSA 2097-2] New phpmyadmin packages fix several vulnerabilities
2010-09-11 14:36:18
osv
osv
phpmyadmin - several vulnerabilities
2010-08-29 00:00:00
phpmyadmin - several vulnerabilities
2010-08-29 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2012-01-04 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.101 Low
EPSS
Percentile
94.9%
Related for UB:CVE-2010-3055