PT-2011-3906 · Phpmyadmin · Phpmyadmin

Frans Pehrson · Published 2011-07-14 · Updated 2018-10-09 · CVE-2011-2507

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions 3.x prior to 3.3.10.2
phpMyAdmin versions 3.4.x prior to 3.4.3.1

Description

The issue lies in the Synchronize feature of phpMyAdmin: libraries/server_synchronize.lib.php builds regular expressions from values it does not escape with preg_quote(). A remote authenticated user who can control those values can terminate the pattern early and inject the PCRE e modifier (PREG_REPLACE_EVAL), which makes preg_replace() evaluate its replacement string as PHP code, so arbitrary PHP code can be executed on the server. Exploitation requires modifying the contents of the $_SESSION superglobal array; since PHP sessions are stored server-side, the attacker needs some way of planting attacker-controlled values there.

Recommendations

For phpMyAdmin versions 3.x prior to 3.3.10.2, update to version 3.3.10.2 or later. For phpMyAdmin versions 3.4.x prior to 3.4.3.1, update to version 3.4.3.1 or later.
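To make the bug class concrete, the following is an added example written for this page; it is not code from phpMyAdmin or from server_synchronize.lib.php, and the function names, the pattern shape and the sample table names are assumptions. It builds a pattern from an untrusted fragment the way unquoted code does, beside the preg_quote() form the fix relies on, and reports what PCRE actually does with each input:

```php
<?php
declare(strict_types=1);

// Constructed illustration of the bug class behind CVE-2011-2507: a PCRE
// pattern assembled from an attacker-influenced fragment (in phpMyAdmin the
// values came from $_SESSION) without quoting. Example code for this page,
// not phpMyAdmin's own code; every name below is hypothetical.

/** Vulnerable: the fragment is interpolated verbatim. It can carry PCRE
 *  metacharacters, or a '/' that ends the pattern early, in which case the
 *  text after that '/' is parsed as pattern modifiers. Under PHP 5.x an 'e'
 *  (PREG_REPLACE_EVAL) in that slot made preg_replace() eval() its
 *  replacement string. */
function renameUnsafe(string $fragment, string $replacement, string $subject): ?string
{
    $pattern = '/^' . $fragment . '$/';
    return preg_replace($pattern, $replacement, $subject);
}

/** Hardened: preg_quote() escapes every PCRE metacharacter, and passing the
 *  delimiter as its second argument escapes '/' as well, so the fragment is
 *  always matched literally and can never reach the modifier position. */
function renameSafe(string $fragment, string $replacement, string $subject): ?string
{
    $pattern = '/^' . preg_quote($fragment, '/') . '$/';
    return preg_replace($pattern, $replacement, $subject);
}

/** Run one builder and describe the outcome. A rejected pattern makes
 *  preg_replace() emit an E_WARNING and return null; the handler captures
 *  the warning text (its wording depends on the PHP version) because code
 *  that never checks the return value swallows that failure silently. */
function report(callable $fn, string $fragment, string $subject): string
{
    $warning = '';
    set_error_handler(function (int $errno, string $errstr) use (&$warning): bool {
        $warning = $errstr;
        return true;
    });
    try {
        $out = $fn($fragment, 'renamed', $subject);
    } finally {
        restore_error_handler();
    }
    return $out === null
        ? sprintf('%-20s => REJECTED (%s)', var_export($fragment, true), $warning)
        : sprintf('%-20s => %s', var_export($fragment, true), var_export($out, true));
}

// Constructed fragments standing in for a session-supplied table name.
$fragments = [
    'actual_table',    // benign
    '.*',              // metacharacters: every table name now matches
    'actual_table/e',  // delimiter break: 'e' lands in the modifier slot
];

foreach (['renameUnsafe', 'renameSafe'] as $fn) {
    echo $fn, ":\n";
    foreach ($fragments as $fragment) {
        echo '  ', report($fn, $fragment, 'other_table'), "\n";
    }
}
```

Run it with `php example.php`. With renameUnsafe, '.*' renames a table that was never named, and 'actual_table/e' puts an 'e' into the modifier position; PHP 7.0 removed the /e modifier, so on a current interpreter the broken pattern is rejected with a warning and preg_replace() returns null, which remains a silent failure wherever the return value is not checked. With renameSafe all three fragments are matched literally. The second argument to preg_quote() is what stops the delimiter break: '/' is not a PCRE metacharacter, so preg_quote($fragment) without it leaves the delimiter unescaped.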

Exploit · Fix · Code Injection


Weakness Enumeration

Related Identifiers

CVE-2011-2507
DSA-2286-1

Affected Products

Phpmyadmin