CVE-2011-2505 in phpMyAdmininfo

Summary

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/15/2011

Disclosure

07/14/2011

Moderation

VulDB entry created

Entries

VDB-57935 (1)

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

6.5

EPSS

0.37008

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2505
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2505
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2505/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!