ID:4295 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2506

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4295 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2506

ID:4295 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2506

Published: August 11, 2020


Vulnerability identifier: #VU44890
Vulnerability risk: Medium
CVE-ID: CVE-2011-2506
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
phpMyAdmin

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.


Remediation

Install update from vendor's website.