PhpMyAdmin Configuration File PHP Code Injection Vulnerability Network Vulnerability

Summary

phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer other attacks are also possible. Versions prior to phpMyAdmin 2.11.10.1 are affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.phpmyadmin.net/
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
https://www.securityfocus.com/bid/42591

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3055

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
ASP Inline Corporate Calendar SQL injection
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

phpMyAdmin Configuration File PHP Code Injection Vulnerability

Take action and discover your vulnerabilities