CVE-2011-2719

EPSS 1.94%
Veröffentlicht 01.08.2011 19:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatealpha

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatebeta

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1

Phpmyadmin ≫ Phpmyadmin Version3.0.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.1.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.2

Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3

Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.2

Phpmyadmin ≫ Phpmyadmin Version3.1.4

Phpmyadmin ≫ Phpmyadmin Version3.1.4 Updaterc2

Phpmyadmin ≫ Phpmyadmin Version3.1.5

Phpmyadmin ≫ Phpmyadmin Version3.1.5 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.1

Phpmyadmin ≫ Phpmyadmin Version3.2.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.2

Phpmyadmin ≫ Phpmyadmin Version3.2.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.3.3.0

Phpmyadmin ≫ Phpmyadmin Version3.3.4.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.1

Phpmyadmin ≫ Phpmyadmin Version3.3.6

Phpmyadmin ≫ Phpmyadmin Version3.3.7

Phpmyadmin ≫ Phpmyadmin Version3.3.8

Phpmyadmin ≫ Phpmyadmin Version3.3.8.1

Phpmyadmin ≫ Phpmyadmin Version3.3.9.0

Phpmyadmin ≫ Phpmyadmin Version3.3.9.1

Phpmyadmin ≫ Phpmyadmin Version3.3.9.2

Phpmyadmin ≫ Phpmyadmin Version3.3.10.0

Phpmyadmin ≫ Phpmyadmin Version3.3.10.1

Phpmyadmin ≫ Phpmyadmin Version3.3.10.2

Phpmyadmin ≫ Phpmyadmin Version3.4.0.0

Phpmyadmin ≫ Phpmyadmin Version3.4.1.0

Phpmyadmin ≫ Phpmyadmin Version3.4.2.0

Phpmyadmin ≫ Phpmyadmin Version3.4.3.0

Phpmyadmin ≫ Phpmyadmin Version3.4.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.94%	0.818

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/45315

http://www.debian.org/security/2011/dsa-2286

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html

http://secunia.com/advisories/45365

Vendor Advisory

http://secunia.com/advisories/45515

http://www.securityfocus.com/bid/48874

http://www.openwall.com/lists/oss-security/2011/07/25/4

Patch

http://www.openwall.com/lists/oss-security/2011/07/26/10