Description
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
Remediation
References
Related Vulnerabilities
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.16)
phpMyAdmin Other Vulnerability (CVE-2005-0544)
Oracle Database Server Other Vulnerability (CVE-2005-3437)
Atlassian Jira CVE-2021-26075 Vulnerability (CVE-2021-26075)
WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)