CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
95.7%
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication
feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns
values to arbitrary parameters referenced in the query string, which allows
remote attackers to modify the SESSION superglobal array via a crafted
request, related to a “remote variable manipulation vulnerability.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.10 | noarch | phpmyadmin | < 4:3.4.3.1-1 | UNKNOWN |
ubuntu | 12.04 | noarch | phpmyadmin | < 4:3.4.3.1-1 | UNKNOWN |
ubuntu | 12.10 | noarch | phpmyadmin | < 4:3.4.3.1-1 | UNKNOWN |
ubuntu | 13.04 | noarch | phpmyadmin | < 4:3.4.3.1-1 | UNKNOWN |
ubuntu | 13.10 | noarch | phpmyadmin | < 4:3.4.3.1-1 | UNKNOWN |