CVE-2011-2507

2011-07-1400:00:00

ubuntu.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.166

Percentile

96.0%

JSON

libraries/server_synchronize.lib.php in the Synchronize implementation in
phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly
quote regular expressions, which allows remote authenticated users to
inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute
arbitrary PHP code, by leveraging the ability to modify the SESSION
superglobal array.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/806788>

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu12.04noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu12.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu13.04noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN
ubuntu13.10noarchphpmyadmin< 4:3.4.3.1-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	12.04	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	12.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	13.04	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN
ubuntu	13.10	noarch	phpmyadmin	< 4:3.4.3.1-1	UNKNOWN