5

CVE-2010-4481

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version <= 3.3.9.0
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.6.0
PhpmyadminPhpmyadmin Version2.11.7.0
PhpmyadminPhpmyadmin Version2.11.7.1
PhpmyadminPhpmyadmin Version2.11.8.0
PhpmyadminPhpmyadmin Version2.11.9.0
PhpmyadminPhpmyadmin Version2.11.9.1
PhpmyadminPhpmyadmin Version2.11.9.2
PhpmyadminPhpmyadmin Version2.11.9.3
PhpmyadminPhpmyadmin Version2.11.9.4
PhpmyadminPhpmyadmin Version2.11.9.5
PhpmyadminPhpmyadmin Version2.11.9.6
PhpmyadminPhpmyadmin Version2.11.10.0
PhpmyadminPhpmyadmin Version2.11.10.1
PhpmyadminPhpmyadmin Version3.0.0
PhpmyadminPhpmyadmin Version3.0.0 Updatealpha
PhpmyadminPhpmyadmin Version3.0.0 Updatebeta
PhpmyadminPhpmyadmin Version3.0.0 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1
PhpmyadminPhpmyadmin Version3.0.1 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1.1
PhpmyadminPhpmyadmin Version3.1.0
PhpmyadminPhpmyadmin Version3.1.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.1.1
PhpmyadminPhpmyadmin Version3.1.1 Updaterc1
PhpmyadminPhpmyadmin Version3.1.2
PhpmyadminPhpmyadmin Version3.1.2 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3
PhpmyadminPhpmyadmin Version3.1.3 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3.1
PhpmyadminPhpmyadmin Version3.1.3.2
PhpmyadminPhpmyadmin Version3.1.4
PhpmyadminPhpmyadmin Version3.1.4 Updaterc2
PhpmyadminPhpmyadmin Version3.1.5
PhpmyadminPhpmyadmin Version3.1.5 Updaterc1
PhpmyadminPhpmyadmin Version3.2.0
PhpmyadminPhpmyadmin Version3.2.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.2.0 Updaterc1
PhpmyadminPhpmyadmin Version3.2.1
PhpmyadminPhpmyadmin Version3.2.1 Updaterc1
PhpmyadminPhpmyadmin Version3.2.2
PhpmyadminPhpmyadmin Version3.2.2 Updaterc1
PhpmyadminPhpmyadmin Version3.3.0.0
PhpmyadminPhpmyadmin Version3.3.1.0
PhpmyadminPhpmyadmin Version3.3.2.0
PhpmyadminPhpmyadmin Version3.3.3.0
PhpmyadminPhpmyadmin Version3.3.4.0
PhpmyadminPhpmyadmin Version3.3.5.0
PhpmyadminPhpmyadmin Version3.3.5.1
PhpmyadminPhpmyadmin Version3.3.6
PhpmyadminPhpmyadmin Version3.3.7
PhpmyadminPhpmyadmin Version3.3.8
PhpmyadminPhpmyadmin Version3.3.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.02% 0.784
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/42725
Vendor Advisory
http://www.debian.org/security/2010/dsa-2139
http://www.vupen.com/english/advisories/2011/0001
Vendor Advisory
http://secunia.com/advisories/42485
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:000
http://www.vupen.com/english/advisories/2011/0027
Vendor Advisory
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c
http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3238
Vendor Advisory