Description

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Remediation

References

CVE-2010-3055

Related Vulnerabilities

Drupal Improper Input Validation Vulnerability (CVE-2014-5019)

PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2018-19518)

WordPress Plugin WP Business Intelligence Lite Arbitrary File Upload (1.0.6)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1285)

OpenSSL Resource Management Errors Vulnerability (CVE-2006-2937)

Severity

High

Classification

CVE-2010-3055 CWE-264

Tags

Missing Update Known Vulnerabilities