Home > Vulnerability Database > CVE-2011-2506

Mend.io Vulnerability Database

CVE-2011-2506

Date: July 14, 2011

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Language: PHP

Severity Score

7.3

Related Resources (30)

Url: https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded

Url: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Url: http://www.osvdb.org/73612

Url: http://secunia.com/advisories/45292

Url: http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Url: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008

Url: http://www.securityfocus.com/archive/1/518804/100/0/threaded

Url: https://github.com/phpmyadmin/phpmyadmin/commit/2e01647949df937040e73a94ce0bac0daecbdcf4

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2506

Url: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Url: https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124

Url: http://www.exploit-db.com/exploits/17514

Url: https://github.com/phpmyadmin/phpmyadmin/commit/0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Url: http://www.openwall.com/lists/oss-security/2011/06/29/11

Url: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Url: http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

Url: http://www.exploit-db.com/exploits/17514/

Url: https://github.com/phpmyadmin/composer

Url: http://securityreason.com/securityalert/8306

Url: http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Url: https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Url: http://www.openwall.com/lists/oss-security/2011/06/28/8

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Url: http://www.openwall.com/lists/oss-security/2011/06/28/6

Url: http://www.debian.org/security/2011/dsa-2286

Url: http://secunia.com/advisories/45139

Url: http://secunia.com/advisories/45315

Url: http://www.openwall.com/lists/oss-security/2011/06/28/2

Url: https://www.mend.io/vulnerability-database/CVE-2011-2506

Severity Score

7.3

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2506

Date: July 14, 2011

Language: PHP

Severity Score

Related Resources (30)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?