6.4
CVE-2011-2719
- EPSS 2.43%
- Veröffentlicht 01.08.2011 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:31:51
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmyadmin ≫ Phpmyadmin Version3.0.0
Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatealpha
Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatebeta
Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.0.1
Phpmyadmin ≫ Phpmyadmin Version3.0.1 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.0.1.1
Phpmyadmin ≫ Phpmyadmin Version3.1.0
Phpmyadmin ≫ Phpmyadmin Version3.1.0 Updatebeta1
Phpmyadmin ≫ Phpmyadmin Version3.1.1
Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.2
Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.3
Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.1.3.1
Phpmyadmin ≫ Phpmyadmin Version3.1.3.2
Phpmyadmin ≫ Phpmyadmin Version3.1.4
Phpmyadmin ≫ Phpmyadmin Version3.1.4 Updaterc2
Phpmyadmin ≫ Phpmyadmin Version3.1.5
Phpmyadmin ≫ Phpmyadmin Version3.1.5 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.2.0
Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updatebeta1
Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.2.1
Phpmyadmin ≫ Phpmyadmin Version3.2.1 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.2.2
Phpmyadmin ≫ Phpmyadmin Version3.2.2 Updaterc1
Phpmyadmin ≫ Phpmyadmin Version3.3.0.0
Phpmyadmin ≫ Phpmyadmin Version3.3.1.0
Phpmyadmin ≫ Phpmyadmin Version3.3.2.0
Phpmyadmin ≫ Phpmyadmin Version3.3.3.0
Phpmyadmin ≫ Phpmyadmin Version3.3.4.0
Phpmyadmin ≫ Phpmyadmin Version3.3.5.0
Phpmyadmin ≫ Phpmyadmin Version3.3.5.1
Phpmyadmin ≫ Phpmyadmin Version3.3.6
Phpmyadmin ≫ Phpmyadmin Version3.3.7
Phpmyadmin ≫ Phpmyadmin Version3.3.8
Phpmyadmin ≫ Phpmyadmin Version3.3.8.1
Phpmyadmin ≫ Phpmyadmin Version3.3.9.0
Phpmyadmin ≫ Phpmyadmin Version3.3.9.1
Phpmyadmin ≫ Phpmyadmin Version3.3.9.2
Phpmyadmin ≫ Phpmyadmin Version3.3.10.0
Phpmyadmin ≫ Phpmyadmin Version3.3.10.1
Phpmyadmin ≫ Phpmyadmin Version3.3.10.2
Phpmyadmin ≫ Phpmyadmin Version3.4.0.0
Phpmyadmin ≫ Phpmyadmin Version3.4.1.0
Phpmyadmin ≫ Phpmyadmin Version3.4.2.0
Phpmyadmin ≫ Phpmyadmin Version3.4.3.0
Phpmyadmin ≫ Phpmyadmin Version3.4.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.43% | 0.821 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/45315
http://www.debian.org/security/2011/dsa-2286
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.securityfocus.com/bid/48874
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://osvdb.org/74112
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=571cdc6ff4bf375871b594f4e06f8ad3159d1754
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7
http://seclists.org/fulldisclosure/2011/Jul/300
http://securityreason.com/securityalert/8322
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
http://www.securityfocus.com/archive/1/518967/100/0/threaded
http://www.securityfocus.com/archive/1/519155/100/0/threaded
http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt
https://bugzilla.redhat.com/show_bug.cgi?id=725384
https://exchange.xforce.ibmcloud.com/vulnerabilities/68769