CVE-2011-0987

Published: 14/02/2011 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x prior to 2.11.11.3, and 3.3.x prior to 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.

Vulnerable Product

phpmyadmin phpmyadmin 3.0.1.1

phpmyadmin phpmyadmin 3.2.1

phpmyadmin phpmyadmin 2.11.11.2

phpmyadmin phpmyadmin 2.11.1.2

phpmyadmin phpmyadmin 3.1.4

phpmyadmin phpmyadmin 3.1.3

phpmyadmin phpmyadmin 2.11.5.1

phpmyadmin phpmyadmin 2.11.5.0

phpmyadmin phpmyadmin 3.3.8.1

phpmyadmin phpmyadmin 3.2.0

phpmyadmin phpmyadmin 3.1.2

phpmyadmin phpmyadmin 2.11.9.0

phpmyadmin phpmyadmin 3.1.0

phpmyadmin phpmyadmin 2.11.9.1

phpmyadmin phpmyadmin 3.3.3.0

phpmyadmin phpmyadmin 3.0.0

phpmyadmin phpmyadmin 3.3.4.0

phpmyadmin phpmyadmin 2.11.5.2

phpmyadmin phpmyadmin 2.11.2.2

phpmyadmin phpmyadmin 2.11.8.0

phpmyadmin phpmyadmin 3.3.1.0

phpmyadmin phpmyadmin 3.3.7

phpmyadmin phpmyadmin 2.11.11

phpmyadmin phpmyadmin 2.11.4.0

phpmyadmin phpmyadmin 3.1.5

phpmyadmin phpmyadmin 2.11.2.1

phpmyadmin phpmyadmin 3.1.1

phpmyadmin phpmyadmin 3.3.5.0

phpmyadmin phpmyadmin 2.11.9.5

phpmyadmin phpmyadmin 2.11.10.0

phpmyadmin phpmyadmin 2.11.6.0

phpmyadmin phpmyadmin 3.3.0.0

phpmyadmin phpmyadmin 3.3.6

phpmyadmin phpmyadmin 3.3.2.0

phpmyadmin phpmyadmin 2.11.7.0

phpmyadmin phpmyadmin 3.3.9.0

phpmyadmin phpmyadmin 2.11.9.6

phpmyadmin phpmyadmin 3.1.3.2

phpmyadmin phpmyadmin 2.11.2.0

phpmyadmin phpmyadmin 2.11.9.2

phpmyadmin phpmyadmin 2.11.9.3

phpmyadmin phpmyadmin 3.3.5.1

phpmyadmin phpmyadmin 3.3.9.1

phpmyadmin phpmyadmin 2.11.1.1

phpmyadmin phpmyadmin 3.0.1

phpmyadmin phpmyadmin 2.11.11.1

phpmyadmin phpmyadmin 2.11.9.4

phpmyadmin phpmyadmin 3.1.3.1

phpmyadmin phpmyadmin 2.11.7.1

phpmyadmin phpmyadmin 2.11.3.0

phpmyadmin phpmyadmin 3.3.8

phpmyadmin phpmyadmin 3.2.2

phpmyadmin phpmyadmin 2.11.1.0

phpmyadmin phpmyadmin 2.11.0

phpmyadmin phpmyadmin 2.11.10.1

Vendor Advisories

It was discovered that phpMyAdmin, a tool to administer MySQL over the web, when the bookmarks feature is enabled, allowed to create a bookmarked query which would be executed unintentionally by other users. For the oldstable distribution (lenny), this problem has been fixed in version 4:21181-5+lenny8. For the stable distribution (squeeze), thi ...