Description

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Remediation

References

CVE-2010-3055

Related Vulnerabilities

Atlassian Jira CVE-2021-26081 Vulnerability (CVE-2021-26081)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26030)

MySQL CVE-2020-2763 Vulnerability (CVE-2020-2763)

WordPress Plugin Forms:3rd-Party Inject Results Cross-Site Scripting (0.2)

WordPress Plugin mklasen's Photobox Cross-Site Scripting (1.0)

Severity

High

Classification

CVE-2010-3055 CWE-264

Tags

Missing Update Known Vulnerabilities