5

CVE-2011-0986

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.6.0
PhpmyadminPhpmyadmin Version2.11.7.0
PhpmyadminPhpmyadmin Version2.11.7.1
PhpmyadminPhpmyadmin Version2.11.8.0
PhpmyadminPhpmyadmin Version2.11.9.0
PhpmyadminPhpmyadmin Version2.11.9.1
PhpmyadminPhpmyadmin Version2.11.9.2
PhpmyadminPhpmyadmin Version2.11.9.3
PhpmyadminPhpmyadmin Version2.11.9.4
PhpmyadminPhpmyadmin Version2.11.9.5
PhpmyadminPhpmyadmin Version2.11.9.6
PhpmyadminPhpmyadmin Version2.11.10.0
PhpmyadminPhpmyadmin Version2.11.10.1
PhpmyadminPhpmyadmin Version2.11.11
PhpmyadminPhpmyadmin Version2.11.11.1
PhpmyadminPhpmyadmin Version3.0.0
PhpmyadminPhpmyadmin Version3.0.0 Updatealpha
PhpmyadminPhpmyadmin Version3.0.0 Updatebeta
PhpmyadminPhpmyadmin Version3.0.0 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1
PhpmyadminPhpmyadmin Version3.0.1 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1.1
PhpmyadminPhpmyadmin Version3.1.0
PhpmyadminPhpmyadmin Version3.1.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.1.1
PhpmyadminPhpmyadmin Version3.1.1 Updaterc1
PhpmyadminPhpmyadmin Version3.1.2
PhpmyadminPhpmyadmin Version3.1.2 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3
PhpmyadminPhpmyadmin Version3.1.3 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3.1
PhpmyadminPhpmyadmin Version3.1.3.2
PhpmyadminPhpmyadmin Version3.1.4
PhpmyadminPhpmyadmin Version3.1.4 Updaterc2
PhpmyadminPhpmyadmin Version3.1.5
PhpmyadminPhpmyadmin Version3.1.5 Updaterc1
PhpmyadminPhpmyadmin Version3.2.0
PhpmyadminPhpmyadmin Version3.2.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.2.0 Updaterc1
PhpmyadminPhpmyadmin Version3.2.1
PhpmyadminPhpmyadmin Version3.2.1 Updaterc1
PhpmyadminPhpmyadmin Version3.2.2
PhpmyadminPhpmyadmin Version3.2.2 Updaterc1
PhpmyadminPhpmyadmin Version3.3.0.0
PhpmyadminPhpmyadmin Version3.3.1.0
PhpmyadminPhpmyadmin Version3.3.2.0
PhpmyadminPhpmyadmin Version3.3.3.0
PhpmyadminPhpmyadmin Version3.3.4.0
PhpmyadminPhpmyadmin Version3.3.5.0
PhpmyadminPhpmyadmin Version3.3.5.1
PhpmyadminPhpmyadmin Version3.3.6
PhpmyadminPhpmyadmin Version3.3.7
PhpmyadminPhpmyadmin Version3.3.8
PhpmyadminPhpmyadmin Version3.3.8.1
PhpmyadminPhpmyadmin Version3.3.9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.72
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054349.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054355.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=035d002db1e1201e73e560d7d98591563b506a83
http://secunia.com/advisories/43478
http://www.mandriva.com/security/advisories?name=MDVSA-2011:026
http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0385
https://exchange.xforce.ibmcloud.com/vulnerabilities/65424