Lucene search
MitreCVE-2010-4481HistoryDec 17, 2010 - 7:00 p.m.
CVE-2010-4481
2010-12-1719:00:23
CWE-287
mitre
web.nvd.nist.gov
38
cve-2010-4481
phpmyadmin
authentication bypass
sensitive information disclosure
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.006
Percentile
77.7%
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
Affected configurations
Node
phpmyadminphpmyadminRange≤3.3.9.0
ORphpmyadminphpmyadminMatch2.11.0
ORphpmyadminphpmyadminMatch2.11.1.0
ORphpmyadminphpmyadminMatch2.11.1.1
ORphpmyadminphpmyadminMatch2.11.1.2
ORphpmyadminphpmyadminMatch2.11.2.0
ORphpmyadminphpmyadminMatch2.11.2.1
ORphpmyadminphpmyadminMatch2.11.2.2
ORphpmyadminphpmyadminMatch2.11.3.0
ORphpmyadminphpmyadminMatch2.11.4.0
ORphpmyadminphpmyadminMatch2.11.5.0
ORphpmyadminphpmyadminMatch2.11.5.1
ORphpmyadminphpmyadminMatch2.11.5.2
ORphpmyadminphpmyadminMatch2.11.6.0
ORphpmyadminphpmyadminMatch2.11.7.0
ORphpmyadminphpmyadminMatch2.11.7.1
ORphpmyadminphpmyadminMatch2.11.8.0
ORphpmyadminphpmyadminMatch2.11.9.0
ORphpmyadminphpmyadminMatch2.11.9.1
ORphpmyadminphpmyadminMatch2.11.9.2
ORphpmyadminphpmyadminMatch2.11.9.3
ORphpmyadminphpmyadminMatch2.11.9.4
ORphpmyadminphpmyadminMatch2.11.9.5
ORphpmyadminphpmyadminMatch2.11.9.6
ORphpmyadminphpmyadminMatch2.11.10.0
ORphpmyadminphpmyadminMatch2.11.10.1
ORphpmyadminphpmyadminMatch3.0.0
ORphpmyadminphpmyadminMatch3.0.0alpha
ORphpmyadminphpmyadminMatch3.0.0beta
ORphpmyadminphpmyadminMatch3.0.0rc1
ORphpmyadminphpmyadminMatch3.0.1
ORphpmyadminphpmyadminMatch3.0.1rc1
ORphpmyadminphpmyadminMatch3.0.1.1
ORphpmyadminphpmyadminMatch3.1.0
ORphpmyadminphpmyadminMatch3.1.0beta1
ORphpmyadminphpmyadminMatch3.1.1
ORphpmyadminphpmyadminMatch3.1.1rc1
ORphpmyadminphpmyadminMatch3.1.2
ORphpmyadminphpmyadminMatch3.1.2rc1
ORphpmyadminphpmyadminMatch3.1.3
ORphpmyadminphpmyadminMatch3.1.3rc1
ORphpmyadminphpmyadminMatch3.1.3.1
ORphpmyadminphpmyadminMatch3.1.3.2
ORphpmyadminphpmyadminMatch3.1.4
ORphpmyadminphpmyadminMatch3.1.4rc2
ORphpmyadminphpmyadminMatch3.1.5
ORphpmyadminphpmyadminMatch3.1.5rc1
ORphpmyadminphpmyadminMatch3.2.0
ORphpmyadminphpmyadminMatch3.2.0beta1
ORphpmyadminphpmyadminMatch3.2.0rc1
ORphpmyadminphpmyadminMatch3.2.1
ORphpmyadminphpmyadminMatch3.2.1rc1
ORphpmyadminphpmyadminMatch3.2.2
ORphpmyadminphpmyadminMatch3.2.2rc1
ORphpmyadminphpmyadminMatch3.3.0.0
ORphpmyadminphpmyadminMatch3.3.1.0
ORphpmyadminphpmyadminMatch3.3.2.0
ORphpmyadminphpmyadminMatch3.3.3.0
ORphpmyadminphpmyadminMatch3.3.4.0
ORphpmyadminphpmyadminMatch3.3.5.0
ORphpmyadminphpmyadminMatch3.3.5.1
ORphpmyadminphpmyadminMatch3.3.6
ORphpmyadminphpmyadminMatch3.3.7
ORphpmyadminphpmyadminMatch3.3.8
ORphpmyadminphpmyadminMatch3.3.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpmyadmin | phpmyadmin | * | cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.1.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.1.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.1.2 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.2.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.2.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.2.2 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.3.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.11.4.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0:*:*:*:*:*:*:* |
References
phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c
secunia.com/advisories/42485
secunia.com/advisories/42725
www.debian.org/security/2010/dsa-2139
www.mandriva.com/security/advisories?name=MDVSA-2011:000
www.phpmyadmin.net/home_page/security/PMASA-2010-10.php
www.vupen.com/english/advisories/2010/3238
www.vupen.com/english/advisories/2011/0001
www.vupen.com/english/advisories/2011/0027
Related
prion
prion
Authentication flaw
2010-12-17 19:00:00
nvd
nvd
CVE-2010-4481
2010-12-17 19:00:23
cvelist
cvelist
CVE-2010-4481
2010-12-17 18:00:00
debiancve
debiancve
CVE-2010-4481
2010-12-17 19:00:23
ubuntucve
ubuntucve
CVE-2010-4481
2010-12-17 00:00:00
phpmyadmin
phpmyadmin
Possible information disclosure.
2010-12-07 00:00:00
openvas
openvas
phpMyAdmin 'phpinfo.php' Security Bypass Vulnerability - Active Check
2010-12-27 00:00:00
Mandriva Update for phpmyadmin MDVSA-2011:000 (phpmyadmin)
2011-01-11 00:00:00
Fedora Update for phpMyAdmin FEDORA-2011-3733
2011-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: phpMyAdmin-3.3.10-1.fc15
2011-03-26 05:11:26
[SECURITY] Fedora 13 Update: phpMyAdmin-3.3.10-1.fc13
2011-03-29 19:53:51
[SECURITY] Fedora 14 Update: phpMyAdmin-3.3.10-1.fc14
2011-03-29 19:52:43
nessus
nessus
Fedora 15 : phpMyAdmin-3.3.10-1.fc15 (2011-3761)
2011-03-27 00:00:00
Fedora 13 : phpMyAdmin-3.3.10-1.fc13 (2011-3733)
2011-03-30 00:00:00
Fedora 14 : phpMyAdmin-3.3.10-1.fc14 (2011-3737)
2011-03-30 00:00:00
debian
debian
[SECURITY] [DSA 2139-1] New phpmyadmin packages fix several vulnerabilities
2010-12-31 15:57:29
osv
osv
phpmyadmin - several
2010-12-31 00:00:00
securityvulns
securityvulns
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.006
Percentile
77.7%
Related for CVE-2010-4481