CVE-2011-2507 in phpMyAdmin

Summary

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

Reservation

06/15/2011

Disclosure

07/14/2011

CPE

ready

Exploit

Download

CVSS

5.5

EPSS

0.03737

Activities

Very Low

Sources
