Vulnerability-Lookup

CVE-2011-2507 (GCVE-0-2011-2507)

Vulnerability from cvelistv5 – Published: 2011-07-14 23:00 – Updated: 2024-08-06 23:00

Summary

libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.xxor.se/advisories/phpMyAdmin_3.x_Mult…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2011/06/28/2	mailing-listx_refsource_MLIST
	http://typo3.org/teams/security/security-bulletin…	x_refsource_CONFIRM
	http://secunia.com/advisories/45292	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2011/06/28/6	mailing-listx_refsource_MLIST
	http://www.phpmyadmin.net/home_page/security/PMAS…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2011/06/28/8	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://securityreason.com/securityalert/8306	third-party-advisoryx_refsource_SREASON
	http://phpmyadmin.git.sourceforge.net/git/gitweb.…	x_refsource_CONFIRM
	http://secunia.com/advisories/45139	third-party-advisoryx_refsource_SECUNIA
	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregrepla…	x_refsource_MISC
	http://www.debian.org/security/2011/dsa-2286	vendor-advisoryx_refsource_DEBIAN
	http://0x6a616d6573.blogspot.com/2011/07/phpmyadm…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/518804/100…	mailing-listx_refsource_BUGTRAQ
	http://www.openwall.com/lists/oss-security/2011/0…	mailing-listx_refsource_MLIST
	http://www.osvdb.org/73613	vdb-entryx_refsource_OSVDB
	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-…	x_refsource_MISC
	http://secunia.com/advisories/45315	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:00:34.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
          },
          {
            "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
          },
          {
            "name": "45292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45292"
          },
          {
            "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
          },
          {
            "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
          },
          {
            "name": "MDVSA-2011:124",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
          },
          {
            "name": "8306",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
          },
          {
            "name": "45139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45139"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
          },
          {
            "name": "DSA-2286",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2286"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
          },
          {
            "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
          },
          {
            "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
          },
          {
            "name": "73613",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/73613"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
          },
          {
            "name": "45315",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45315"
          },
          {
            "name": "FEDORA-2011-9144",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
        },
        {
          "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
        },
        {
          "name": "45292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45292"
        },
        {
          "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
        },
        {
          "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
        },
        {
          "name": "MDVSA-2011:124",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
        },
        {
          "name": "8306",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
        },
        {
          "name": "45139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45139"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
        },
        {
          "name": "DSA-2286",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2286"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
        },
        {
          "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
        },
        {
          "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
        },
        {
          "name": "73613",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/73613"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
        },
        {
          "name": "45315",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45315"
        },
        {
          "name": "FEDORA-2011-9144",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
              "refsource": "MISC",
              "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
            },
            {
              "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
            },
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
              "refsource": "CONFIRM",
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
            },
            {
              "name": "45292",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45292"
            },
            {
              "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
              "refsource": "CONFIRM",
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
            },
            {
              "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
            },
            {
              "name": "MDVSA-2011:124",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
            },
            {
              "name": "8306",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8306"
            },
            {
              "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
              "refsource": "CONFIRM",
              "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
            },
            {
              "name": "45139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45139"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
              "refsource": "MISC",
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
            },
            {
              "name": "DSA-2286",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2286"
            },
            {
              "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
              "refsource": "MISC",
              "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
            },
            {
              "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
            },
            {
              "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
            },
            {
              "name": "73613",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/73613"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
              "refsource": "MISC",
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
            },
            {
              "name": "45315",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45315"
            },
            {
              "name": "FEDORA-2011-9144",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2507",
    "datePublished": "2011-07-14T23:00:00.000Z",
    "dateReserved": "2011-06-15T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:00:34.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2011-2507

Vulnerability from fkie_nvd - Published: 2011-07-14 23:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
secalert@redhat.com	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
secalert@redhat.com	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
secalert@redhat.com	http://secunia.com/advisories/45139	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/45292
secalert@redhat.com	http://secunia.com/advisories/45315
secalert@redhat.com	http://securityreason.com/securityalert/8306
secalert@redhat.com	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2286
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/6
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/28/8
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/06/29/11
secalert@redhat.com	http://www.osvdb.org/73613
secalert@redhat.com	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/518804/100/0/threaded
secalert@redhat.com	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
af854a3a-2127-422b-91ae-364da2661108	http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
af854a3a-2127-422b-91ae-364da2661108	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45139	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45292
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/45315
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8306
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2286
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/6
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/28/8
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/06/29/11
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/73613
af854a3a-2127-422b-91ae-364da2661108	http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/518804/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Impacted products

Vendor	Product	Version
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.0
phpmyadmin	phpmyadmin	3.0.1
phpmyadmin	phpmyadmin	3.0.1
phpmyadmin	phpmyadmin	3.0.1.1
phpmyadmin	phpmyadmin	3.1.0
phpmyadmin	phpmyadmin	3.1.0
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.1
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.2
phpmyadmin	phpmyadmin	3.1.3
phpmyadmin	phpmyadmin	3.1.3
phpmyadmin	phpmyadmin	3.1.3.1
phpmyadmin	phpmyadmin	3.1.3.2
phpmyadmin	phpmyadmin	3.1.4
phpmyadmin	phpmyadmin	3.1.4
phpmyadmin	phpmyadmin	3.1.5
phpmyadmin	phpmyadmin	3.1.5
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.0
phpmyadmin	phpmyadmin	3.2.1
phpmyadmin	phpmyadmin	3.2.1
phpmyadmin	phpmyadmin	3.2.2
phpmyadmin	phpmyadmin	3.2.2
phpmyadmin	phpmyadmin	3.3.0.0
phpmyadmin	phpmyadmin	3.3.1.0
phpmyadmin	phpmyadmin	3.3.2.0
phpmyadmin	phpmyadmin	3.3.3.0
phpmyadmin	phpmyadmin	3.3.4.0
phpmyadmin	phpmyadmin	3.3.5.0
phpmyadmin	phpmyadmin	3.3.5.1
phpmyadmin	phpmyadmin	3.3.6
phpmyadmin	phpmyadmin	3.3.7
phpmyadmin	phpmyadmin	3.3.8
phpmyadmin	phpmyadmin	3.3.8.1
phpmyadmin	phpmyadmin	3.3.9.0
phpmyadmin	phpmyadmin	3.3.9.1
phpmyadmin	phpmyadmin	3.3.9.2
phpmyadmin	phpmyadmin	3.3.10.0
phpmyadmin	phpmyadmin	3.3.10.1
phpmyadmin	phpmyadmin	3.4.0.0
phpmyadmin	phpmyadmin	3.4.1.0
phpmyadmin	phpmyadmin	3.4.2.0
phpmyadmin	phpmyadmin	3.4.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED38B88-A4D2-40B4-A5A8-A9FD1BCAAF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "5E5D29CC-12CE-43D3-A135-C148542E5AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "BAF28FF5-6FF5-47D8-BEB9-D54E58C0740F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "613C697A-7CFF-4529-BD15-0ED4B753527A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56908EFC-CCA8-4B22-8F8F-FB23C934D6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "82DFC89B-F989-41C5-87E2-11A259E7F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F21917E9-A820-4A5F-B38B-E3E0F79A380C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "400E2D41-CB1F-4E5C-B08D-35294F8D1402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "16247466-32B5-4632-9F4E-92A70ED9604D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4AFEEBA-01BA-46D6-86A3-B1B5A8F1B5FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3F72014B-B168-4FFA-ADDC-86CE84D19681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFFE8553-D8FF-4BA3-9325-A3C366FDFBEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "72CD1784-3F48-49B5-A154-61C1F7EC3F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAA1171-F570-4E4D-B667-2D4C8F8ECDD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "278B4EF3-4331-4334-AB55-EC05C069F48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4943CF80-91E5-42CD-BD51-6CAFC83EA5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0284F72-2126-4BE8-90CA-82D2E4B3E96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24AEFB1-7070-4F9B-BCDA-60F33C17D536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E8D735F4-165E-45C9-BF3B-9B618A8E3720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E60F6F-C855-45BF-8840-398FA62626EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F4EDCE1E-436A-4369-A734-7D620F5D89B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98051D18-43E3-47D6-A8D4-AD9F0C8B0A7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6B468BEA-022D-48A9-8E52-31D78F28E871",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78BC489B-E02E-4C6E-9EA1-EDC926EBA5BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDCB1657-8C8F-44FE-8C1D-BF191DE70657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "35F44A77-1169-4A0D-8864-EB7AF56324AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0CFF97-8F8B-405D-BA59-B88C1C07A4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BA3C0B46-3964-4A22-9AD4-4F4C8B4B4790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84100813-C889-4DB0-8D86-E78A047B7C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B99F558E-F696-467D-8C8B-5CFFED2A95D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85BA84E5-8631-478C-8229-CFF36F61569A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77430AB8-6EAA-4C99-9700-E5015F8D56FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFADB43-A63B-4A58-9A9D-232B0CA3F9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FC756B-8CF7-4F57-A6AA-8C074F14BCA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EE1361B-D70B-45B9-BD2F-7C049D96928A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EE0CCB-559F-457B-A1EC-79D0680DCDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00826A60-50A4-4E05-B317-8D0A5FC637BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC1AECC-6521-4D9D-88D5-86DA8BDB1D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79093150-F515-42D9-AEF2-86C0C4B1B8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE65F49-CDED-49B0-89F4-CE52E357069A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B29D2E6-F327-4B19-B33F-E888F8B81E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C579327-8F92-41AF-926A-86442063A83D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3F84C4-883B-48DC-9181-E54A87DC973B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C10C216-594B-4F08-B86E-A476A452189B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
    },
    {
      "lang": "es",
      "value": "libraries/server_synchronize.lib.php en la implementaci\u00f3n Synchronize en phpMyAdmin v3.x anterior a v3.3.10.2 y v3.4.x anterior a v3.4.3.1 no entrecomilla correctamente las expresiones regulares, permitiendo a usuarios remotos autenticados inyectar  PCRE  (conocido como PREG_REPLACE_EVAL) y ejecutar c\u00f3digo PHP arbitrario, mediante la modificaci\u00f3n del array superglobal SESI\u00d3N."
    }
  ],
  "id": "CVE-2011-2507",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-14T23:55:04.973",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2011-AVI-380

Vulnerability from certfr_avis - Published: 2011-07-05 - Updated: 2011-07-05

Plusieurs vulnérabilités dans phpMyAdmin permettent à un utilisateur distant d'exécuter du code arbitraire, de porter atteinte à l'intégrité ou à la confidentialité de certaines données.

Description

Plusieurs vulnérabilités sont présentes dans phpMyAdmin :

la première permet de modifier le contenu de certaines variables de session et ce faisant d'exécuter du code arbitraire ;
la seconde concerne un manque de contrôle sur certaines URL passées au serveur et permet d'exécuter du code arbitraire à distance ;
la troisième vulnérabilité relative à un manque de contrôle des expressions régulières permet de conduire des attaques de type traversée de répertoire ;
la dernière concerne également un problème de traversée de répertoire lié à la gestion de certains types MIME.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.4.3.0 et antérieures.
	phpMyAdmin	phpMyAdmin	phpMyAdmin versions 3.3.10.1 et antérieures ;

References

Title

Publication Time

GHSA-RM5V-F378-QGP9

Vulnerability from github – Published: 2022-05-14 02:55 – Updated: 2025-04-11 03:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-2507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-07-14T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
  "id": "GHSA-rm5v-f378-qgp9",
  "modified": "2025-04-11T03:48:37Z",
  "published": "2022-05-14T02:55:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2507"
    },
    {
      "type": "WEB",
      "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
    },
    {
      "type": "WEB",
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
    },
    {
      "type": "WEB",
      "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45139"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45292"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/45315"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/8306"
    },
    {
      "type": "WEB",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2286"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/73613"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2011-2507

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-2507

Aliases

CVE-2011-2507

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-2507",
    "description": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
    "id": "GSD-2011-2507",
    "references": [
      "https://www.debian.org/security/2011/dsa-2286",
      "https://packetstormsecurity.com/files/cve/CVE-2011-2507"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-2507"
      ],
      "details": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.",
      "id": "GSD-2011-2507",
      "modified": "2023-12-13T01:19:07.222333Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-2507",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
            "refsource": "MISC",
            "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
          },
          {
            "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
          },
          {
            "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
            "refsource": "CONFIRM",
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
          },
          {
            "name": "45292",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45292"
          },
          {
            "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
          },
          {
            "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
            "refsource": "CONFIRM",
            "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
          },
          {
            "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
          },
          {
            "name": "MDVSA-2011:124",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
          },
          {
            "name": "8306",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/8306"
          },
          {
            "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
            "refsource": "CONFIRM",
            "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
          },
          {
            "name": "45139",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45139"
          },
          {
            "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
            "refsource": "MISC",
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
          },
          {
            "name": "DSA-2286",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2011/dsa-2286"
          },
          {
            "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
            "refsource": "MISC",
            "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
          },
          {
            "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
          },
          {
            "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
          },
          {
            "name": "73613",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/73613"
          },
          {
            "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
            "refsource": "MISC",
            "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
          },
          {
            "name": "45315",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/45315"
          },
          {
            "name": "FEDORA-2011-9144",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.2.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2507"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://0x6a616d6573.blogspot.com/2011/07/phpmyadmin-fud.html"
            },
            {
              "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php"
            },
            {
              "name": "45139",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/45139"
            },
            {
              "name": "[oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/29/11"
            },
            {
              "name": "[oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/6"
            },
            {
              "name": "[oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/2"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-pregreplace-rce-poc.html"
            },
            {
              "name": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=69fb0f8e7dc38075427aceaf09bcac697d0590ff"
            },
            {
              "name": "73613",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/73613"
            },
            {
              "name": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt"
            },
            {
              "name": "[oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/28/8"
            },
            {
              "name": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html"
            },
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/"
            },
            {
              "name": "FEDORA-2011-9144",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html"
            },
            {
              "name": "45292",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45292"
            },
            {
              "name": "DSA-2286",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2286"
            },
            {
              "name": "45315",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/45315"
            },
            {
              "name": "8306",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/8306"
            },
            {
              "name": "MDVSA-2011:124",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:124"
            },
            {
              "name": "20110707 phpMyAdmin 3.x Multiple Remote Code Executions",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/518804/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:32Z",
      "publishedDate": "2011-07-14T23:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-2507 (GCVE-0-2011-2507)

FKIE_CVE-2011-2507

CERTA-2011-AVI-380

Description

Solution

GHSA-RM5V-F378-QGP9

GSD-2011-2507

Tags

Sightings

Nomenclature