CVE-2011-2506 – phpMyAdmin 3.x - Swekey Remote Code Injection
https://notcve.org/view.php?id=CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. setup/lib/ConfigGenerator.class.php en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no restringe correctamente la presencia de los delimitadores de cierre de comentario, permitiendo a atacantes remotos realizar ataques de inyección de código estático mediante la modificación del array superglobal SESIÓN. phpMyAdmin version 3.x suffers from multiple remote code execution vulnerabilities. • https://www.exploit-db.com/exploits/17514 https://www.exploit-db.com/exploits/17510 http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/45315 http://securityreason.com/securityaler • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-2508 – phpMyAdmin 3.x Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2508
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. Vulnerabilidad de salto de directorio en libraries/display_tbl.lib.php en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 cuando una determinada transformación MIME está habilitada, permitiendo a usuarios remotos autenticados incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro GLOBALS[mime_map][$meta->name][transformation]. phpMyAdmin version 3.x suffers from multiple remote code execution vulnerabilities. • http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7 http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/45315 http://securityreason.com/securityalert/8306 http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008 http:// • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-2505 – phpMyAdmin3 (pma3) - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2505
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." libraries/auth/swekey/swekey.auth.lib.php en la función de autenticación Swekey en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 asigna valores a parámetros arbitrarios referenciados en la cadena de consulta, permitiendo a atacantes remotos modificar el array superglobal SESIÓN a través de una solicitud manipulada, relacionado con "vulnerabilidad de manipulación de variable remota" phpMyAdmin version 3.x suffers from multiple remote code execution vulnerabilities. • https://www.exploit-db.com/exploits/17510 https://www.exploit-db.com/exploits/17514 http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967 http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/45315 http://securityreason.com/securityaler • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-2507 – phpMyAdmin 3.x Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2507
libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. libraries/server_synchronize.lib.php en la implementación Synchronize en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no entrecomilla correctamente las expresiones regulares, permitiendo a usuarios remotos autenticados inyectar PCRE (conocido como PREG_REPLACE_EVAL) y ejecutar código PHP arbitrario, mediante la modificación del array superglobal SESIÓN. phpMyAdmin version 3.x suffers from multiple remote code execution vulnerabilities. • http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff http://secunia.com/advisories/45139 http://secunia.com/advisories/45292 http://secunia.com/advisories/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •