CVE-2011-2505

Exploit

EPSS 24.58%
Published 14.07.2011 23:55:04
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatealpha

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatebeta

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1

Phpmyadmin ≫ Phpmyadmin Version3.0.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.1.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.2

Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3

Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.2

Phpmyadmin ≫ Phpmyadmin Version3.1.4

Phpmyadmin ≫ Phpmyadmin Version3.1.4 Updaterc2

Phpmyadmin ≫ Phpmyadmin Version3.1.5

Phpmyadmin ≫ Phpmyadmin Version3.1.5 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.1

Phpmyadmin ≫ Phpmyadmin Version3.2.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.2

Phpmyadmin ≫ Phpmyadmin Version3.2.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.3.3.0

Phpmyadmin ≫ Phpmyadmin Version3.3.4.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.1

Phpmyadmin ≫ Phpmyadmin Version3.3.6

Phpmyadmin ≫ Phpmyadmin Version3.3.7

Phpmyadmin ≫ Phpmyadmin Version3.3.8

Phpmyadmin ≫ Phpmyadmin Version3.3.8.1

Phpmyadmin ≫ Phpmyadmin Version3.3.9.0

Phpmyadmin ≫ Phpmyadmin Version3.3.9.1

Phpmyadmin ≫ Phpmyadmin Version3.3.9.2

Phpmyadmin ≫ Phpmyadmin Version3.3.10.0

Phpmyadmin ≫ Phpmyadmin Version3.3.10.1

Phpmyadmin ≫ Phpmyadmin Version3.4.0.0

Phpmyadmin ≫ Phpmyadmin Version3.4.1.0

Phpmyadmin ≫ Phpmyadmin Version3.4.2.0

Phpmyadmin ≫ Phpmyadmin Version3.4.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	24.58%	0.959

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

http://secunia.com/advisories/45139

Vendor Advisory

http://secunia.com/advisories/45292

http://secunia.com/advisories/45315

http://securityreason.com/securityalert/8306

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

http://www.debian.org/security/2011/dsa-2286

http://www.exploit-db.com/exploits/17514/