setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x prior to 3.3.10.2 and 3.4.x prior to 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote malicious users to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
phpmyadmin phpmyadmin 3.0.1.1 |
||
phpmyadmin phpmyadmin 3.2.1 |
||
phpmyadmin phpmyadmin 3.3.10.0 |
||
phpmyadmin phpmyadmin 3.1.4 |
||
phpmyadmin phpmyadmin 3.1.3 |
||
phpmyadmin phpmyadmin 3.3.8.1 |
||
phpmyadmin phpmyadmin 3.2.0 |
||
phpmyadmin phpmyadmin 3.3.10.1 |
||
phpmyadmin phpmyadmin 3.1.2 |
||
phpmyadmin phpmyadmin 3.1.0 |
||
phpmyadmin phpmyadmin 3.3.3.0 |
||
phpmyadmin phpmyadmin 3.0.0 |
||
phpmyadmin phpmyadmin 3.3.4.0 |
||
phpmyadmin phpmyadmin 3.3.9.2 |
||
phpmyadmin phpmyadmin 3.3.1.0 |
||
phpmyadmin phpmyadmin 3.3.7 |
||
phpmyadmin phpmyadmin 3.1.5 |
||
phpmyadmin phpmyadmin 3.1.1 |
||
phpmyadmin phpmyadmin 3.3.5.0 |
||
phpmyadmin phpmyadmin 3.3.0.0 |
||
phpmyadmin phpmyadmin 3.3.6 |
||
phpmyadmin phpmyadmin 3.3.2.0 |
||
phpmyadmin phpmyadmin 3.3.9.0 |
||
phpmyadmin phpmyadmin 3.1.3.2 |
||
phpmyadmin phpmyadmin 3.3.5.1 |
||
phpmyadmin phpmyadmin 3.3.9.1 |
||
phpmyadmin phpmyadmin 3.0.1 |
||
phpmyadmin phpmyadmin 3.1.3.1 |
||
phpmyadmin phpmyadmin 3.3.8 |
||
phpmyadmin phpmyadmin 3.2.2 |
||
phpmyadmin phpmyadmin 3.4.0.0 |
||
phpmyadmin phpmyadmin 3.4.1.0 |
||
phpmyadmin phpmyadmin 3.4.2.0 |
||
phpmyadmin phpmyadmin 3.4.3.0 |
Vulmon