ID:4296 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2505

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4296 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2505

ID:4296 - Exploit for Code Injection in phpMyAdmin - CVE-2011-2505

Published: August 11, 2020


Vulnerability identifier: #VU44889
Vulnerability risk: Medium
CVE-ID: CVE-2011-2505
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
phpMyAdmin

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."


Remediation

Install update from vendor's website.