CVE-2011-2506

2011-07-1400:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.199

Percentile

96.3%

JSON

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and
3.4.x before 3.4.3.1 does not properly restrict the presence of comment
closing delimiters, which allows remote attackers to conduct static code
injection attacks by leveraging the ability to modify the SESSION
superglobal array.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/806788>

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu12.04noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu12.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu13.04noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu13.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	12.04	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	12.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	13.04	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	13.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN