Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-2286-1 phpmyadmin -- several vulnerabilities

Related Vulnerabilities: CVE-2011-2505   CVE-2011-2506   CVE-2011-2507   CVE-2011-2508   CVE-2011-2642  

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2505 Possible session manipulation in Swekey authentication. CVE-2011-2506 Possible code injection in setup script, in case session variables are compromised. CVE-2011-2507 Regular expression quoting issue in Synchronize code. CVE-2011-2508 Possible directory traversal in MIME-type transformation. CVE-2011-2642 Cross site scripting in table Print view when the attacker can create crafted table names. No CVE name yet Possible superglobal and local variables manipulation in Swekey authentication. (PMASA-2011-12) The oldstable distribution (lenny) is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9. For the stable distribution (squeeze), these problems have been fixed in version 3.3.7-6. For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 3.4.3.2-1. We recommend that you upgrade your phpmyadmin packages.

Source

Debian Security Advisory

DSA-2286-1 phpmyadmin -- several vulnerabilities

Date Reported:
26 Jul 2011
Affected Packages:
phpmyadmin
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642.
More information:

Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2011-2505

    Possible session manipulation in Swekey authentication.

  • CVE-2011-2506

    Possible code injection in setup script, in case session variables are compromised.

  • CVE-2011-2507

    Regular expression quoting issue in Synchronize code.

  • CVE-2011-2508

    Possible directory traversal in MIME-type transformation.

  • CVE-2011-2642

    Cross site scripting in table Print view when the attacker can create crafted table names.

  • No CVE name yet

    Possible superglobal and local variables manipulation in Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by CVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.

For the stable distribution (squeeze), these problems have been fixed in version 3.3.7-6.

For the testing distribution (wheezy) and unstable distribution (sid), these problems have been fixed in version 3.4.3.2-1.

We recommend that you upgrade your phpmyadmin packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started