Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-2506

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Related bugs and status

CVE-2011-2506 (Candidate) is related to these bugs:

Bug #806788: phpMyAdmin Security fixes in versions 3.3.10.2 and 3.4.3.1

		In	Importance	Status
806788	phpMyAdmin Security fixes in versions 3.3.10.2 and 3.4.3.1	phpmyadmin (Ubuntu)	Undecided	Invalid
806788	phpMyAdmin Security fixes in versions 3.3.10.2 and 3.4.3.1	phpmyadmin (Ubuntu Lucid)	Undecided	Invalid
806788	phpMyAdmin Security fixes in versions 3.3.10.2 and 3.4.3.1	phpmyadmin (Ubuntu Maverick)	Undecided	Invalid
806788	phpMyAdmin Security fixes in versions 3.3.10.2 and 3.4.3.1	phpmyadmin (Ubuntu Natty)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

EXPLOIT-DB: 17514
MLIST: [oss-security] 2011062...
MLIST: [oss-security] 2011062...
MLIST: [oss-security] 2011062...
MLIST: [oss-security] 2011062...
MISC: http://ha.xxor.se/2011...
MISC: http://www.xxor.se/adv...
CONFIRM: http://phpmyadmin.git....
CONFIRM: http://typo3.org/teams...
CONFIRM: http://www.phpmyadmin....
OSVDB: 73612
SECUNIA: 45139
DEBIAN: DSA-2286
FEDORA: FEDORA-2011-9144
SECUNIA: 45292
SECUNIA: 45315
SREASON: 8306
MANDRIVA: MDVSA-2011:124
BUGTRAQ: 20110707 phpMyAdmin 3....