libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote malicious users to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 3.0.1.1 |
||
phpmyadmin phpmyadmin 3.2.1 |
||
phpmyadmin phpmyadmin 3.3.10.0 |
||
phpmyadmin phpmyadmin 3.1.4 |
||
phpmyadmin phpmyadmin 3.1.3 |
||
phpmyadmin phpmyadmin 3.3.8.1 |
||
phpmyadmin phpmyadmin 3.2.0 |
||
phpmyadmin phpmyadmin 3.3.10.1 |
||
phpmyadmin phpmyadmin 3.1.2 |
||
phpmyadmin phpmyadmin 3.1.0 |
||
phpmyadmin phpmyadmin 3.3.3.0 |
||
phpmyadmin phpmyadmin 3.0.0 |
||
phpmyadmin phpmyadmin 3.3.4.0 |
||
phpmyadmin phpmyadmin 3.3.9.2 |
||
phpmyadmin phpmyadmin 3.3.1.0 |
||
phpmyadmin phpmyadmin 3.3.7 |
||
phpmyadmin phpmyadmin 3.1.5 |
||
phpmyadmin phpmyadmin 3.1.1 |
||
phpmyadmin phpmyadmin 3.3.5.0 |
||
phpmyadmin phpmyadmin 3.3.0.0 |
||
phpmyadmin phpmyadmin 3.3.6 |
||
phpmyadmin phpmyadmin 3.3.2.0 |
||
phpmyadmin phpmyadmin 3.3.9.0 |
||
phpmyadmin phpmyadmin 3.1.3.2 |
||
phpmyadmin phpmyadmin 3.3.5.1 |
||
phpmyadmin phpmyadmin 3.3.9.1 |
||
phpmyadmin phpmyadmin 3.0.1 |
||
phpmyadmin phpmyadmin 3.1.3.1 |
||
phpmyadmin phpmyadmin 3.3.8 |
||
phpmyadmin phpmyadmin 3.2.2 |
||
phpmyadmin phpmyadmin 3.4.0.0 |
||
phpmyadmin phpmyadmin 3.4.1.0 |
||
phpmyadmin phpmyadmin 3.4.2.0 |
||
phpmyadmin phpmyadmin 3.4.3.0 |