The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x prior to 2.11.10.1 does not properly restrict key names in its output file, which allows remote malicious users to execute arbitrary PHP code via a crafted POST request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 2.11.1.2 |
||
phpmyadmin phpmyadmin 2.11.5.1 |
||
phpmyadmin phpmyadmin 2.11.5.0 |
||
phpmyadmin phpmyadmin 2.11.9.0 |
||
phpmyadmin phpmyadmin 2.11.9.1 |
||
phpmyadmin phpmyadmin 2.11.5.2 |
||
phpmyadmin phpmyadmin 2.11.2.2 |
||
phpmyadmin phpmyadmin 2.11.8.0 |
||
phpmyadmin phpmyadmin 2.11.4.0 |
||
phpmyadmin phpmyadmin 2.11.2.1 |
||
phpmyadmin phpmyadmin 2.11.9.5 |
||
phpmyadmin phpmyadmin 2.11.10.0 |
||
phpmyadmin phpmyadmin 2.11.6.0 |
||
phpmyadmin phpmyadmin 2.11.7.0 |
||
phpmyadmin phpmyadmin 2.11.9.6 |
||
phpmyadmin phpmyadmin 2.11.2.0 |
||
phpmyadmin phpmyadmin 2.11.9.2 |
||
phpmyadmin phpmyadmin 2.11.9.3 |
||
phpmyadmin phpmyadmin 2.11.1.1 |
||
phpmyadmin phpmyadmin 2.11.9.4 |
||
phpmyadmin phpmyadmin 2.11.7.1 |
||
phpmyadmin phpmyadmin 2.11.3.0 |
||
phpmyadmin phpmyadmin 2.11.1.0 |
||
phpmyadmin phpmyadmin 2.11.0 |