Summary
phpMyAdmin is prone to multiple remote vulnerabilities, including PHP code-execution and local file-include vulnerabilities.
Successful attacks can compromise the affected application and possibly the underlying computer.
phpMyAdmin versions prior to 3.3.10.2 and 3.4.3.1 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
- http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
- http://www.phpmyadmin.net/home_page/index.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
- http://www.securityfocus.com/bid/48563
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities