CVE-2011-2506 in phpMyAdmininfo

Summary

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/15/2011

Disclosure

07/14/2011

Moderation

VulDB entry created

Entries

1: VDB-57936

CPE

ready

CWE

CWE-94 (Confirmed)

Exploit

Download

CVSS

6.3

EPSS

0.33677

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2506
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2506
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2506/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!