CVE-2010-3055

EUVD-2010-3057
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
phpmyadminphpmyadmin
2.11.0
phpmyadminphpmyadmin
2.11.1.0
phpmyadminphpmyadmin
2.11.1.1
phpmyadminphpmyadmin
2.11.1.2
phpmyadminphpmyadmin
2.11.2.0
phpmyadminphpmyadmin
2.11.2.1
phpmyadminphpmyadmin
2.11.2.2
phpmyadminphpmyadmin
2.11.3.0
phpmyadminphpmyadmin
2.11.4.0
phpmyadminphpmyadmin
2.11.5.0
phpmyadminphpmyadmin
2.11.5.1
phpmyadminphpmyadmin
2.11.5.2
phpmyadminphpmyadmin
2.11.6.0
phpmyadminphpmyadmin
2.11.7.0
phpmyadminphpmyadmin
2.11.7.1
phpmyadminphpmyadmin
2.11.8.0
phpmyadminphpmyadmin
2.11.9.0
phpmyadminphpmyadmin
2.11.9.1
phpmyadminphpmyadmin
2.11.9.2
phpmyadminphpmyadmin
2.11.9.3
phpmyadminphpmyadmin
2.11.9.4
phpmyadminphpmyadmin
2.11.9.5
phpmyadminphpmyadmin
2.11.9.6
phpmyadminphpmyadmin
2.11.10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
phpmyadmin
bookworm
4:5.2.1+dfsg-1
fixed
bullseye
4:5.0.4+dfsg2-2+deb11u1
fixed
sid
4:5.2.1+dfsg-4
fixed
trixie
4:5.2.1+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
phpmyadmin
dapper
ignored
hardy
ignored
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2
http://secunia.com/advisories/41058
http://secunia.com/advisories/41185
http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.securityfocus.com/bid/42591
http://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2
http://secunia.com/advisories/41058
http://secunia.com/advisories/41185
http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.securityfocus.com/bid/42591
http://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231