CVE-2011-2506
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
Affected products
n/a · n/a
Public PoCs found: 3
cve_reference · www.exploit-db.com/exploits/17514/ · unverified
exploitdb · www.exploit-db.com/exploits/17514 · unverified
exploitdb · www.exploit-db.com/exploits/17510 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f
http://secunia.com/advisories/45139
http://secunia.com/advisories/45292
http://secunia.com/advisories/45315
http://securityreason.com/securityalert/8306
http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
http://www.debian.org/security/2011/dsa-2286
http://www.exploit-db.com/exploits/17514/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/06/28/2