Lucene search

GitHub Advisory DatabaseGHSA-VQCM-R62W-W437

HistoryMay 14, 2022 - 2:55 a.m.

phpMyAdmin remote variable manipulation

2022-05-1402:55:16

CWE-94

GitHub Advisory Database

github.com

phpmyadmin

remote attack

variable manipulation

swekey authentication

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.14

Percentile

95.7%

JSON

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a “remote variable manipulation vulnerability.”

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange<3.4.3.1

phpmyadminphpmyadminRange<3.3.10.2

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

securityreason.com/securityalert/8306

typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

www.debian.org/security/2011/dsa-2286

www.exploit-db.com/exploits/17514/

www.openwall.com/lists/oss-security/2011/06/28/2

www.openwall.com/lists/oss-security/2011/06/28/6

www.openwall.com/lists/oss-security/2011/06/28/8

www.openwall.com/lists/oss-security/2011/06/29/11

www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

github.com/advisories/GHSA-vqcm-r62w-w437

github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54

github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

nvd.nist.gov/vuln/detail/CVE-2011-2505

web.archive.org/web/20110712103138/www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

web.archive.org/web/20111116172111/www.securityfocus.com/archive/1/518804/100/0/threaded

web.archive.org/web/20121105034518/www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.14

Percentile

95.7%

JSON

Related for GHSA-VQCM-R62W-W437