Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-2506 | First vendor Publication | 2011-07-14 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2506 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2011-07-09 | phpMyAdmin 3.x Swekey Remote Code Injection Exploit |
| 2011-07-08 | phpMyAdmin3 (pma3) Remote Code Execution Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin) File : nvt/glsa_201201_01.nasl |
| 2011-08-18 | Name : Mandriva Update for phpmyadmin MDVSA-2011:124 (phpmyadmin) File : nvt/gb_mandriva_MDVSA_2011_124.nasl |
| 2011-08-03 | Name : FreeBSD Ports: phpmyadmin File : nvt/freebsd_phpmyadmin11.nasl |
| 2011-07-18 | Name : Fedora Update for phpMyAdmin FEDORA-2011-9144 File : nvt/gb_fedora_2011_9144_phpMyAdmin_fc14.nasl |
| 2011-07-11 | Name : phpMyAdmin Prior to 3.3.10.2 and 3.4.3.1 Multiple Remote Vulnerabilities File : nvt/gb_phpmyadmin_48563.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 73612 | phpMyAdmin SESSION Superglobal Array Key Manipulation Arbitrary PHP Code Exec... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | phpMyAdmin session_to_unset session variable injection attempt RuleID : 19553 - Revision : 6 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-01-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO |
| 2011-12-20 | Name : The remote web server contains a PHP application that is affected by multiple... File : phpmyadmin_pmasa_2011_8.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2286.nasl - Type : ACT_GATHER_INFO |
| 2011-07-18 | Name : The remote Fedora host is missing a security update. File : fedora_2011-9144.nasl - Type : ACT_GATHER_INFO |
| 2011-07-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_7e4e5c53a56c11e0b18000216aa06fc2.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:04:43 |
|
| 2024-11-28 12:26:08 |
|
| 2023-11-07 21:47:23 |
|
| 2021-05-04 12:14:43 |
|
| 2021-04-22 01:16:02 |
|
| 2020-05-23 00:28:56 |
|
| 2018-10-10 00:19:44 |
|
| 2016-06-28 18:42:36 |
|
| 2016-04-26 20:51:44 |
|
| 2014-02-17 11:03:19 |
|
| 2014-01-19 21:28:03 |
|
| 2013-12-14 21:19:30 |
|
| 2013-05-10 23:03:09 |
|
