PT-2010-4513 · Php · Phpmyadmin

Takeshi Terada

Published

2010-08-24

Updated

2011-01-28

CVE-2010-3055

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 2.11.x before 2.11.10.1

Description The issue is related to the configuration setup script, specifically the scripts/setup.php file, which does not properly restrict key names in its output file. This allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Recommendations For phpMyAdmin versions 2.11.x before 2.11.10.1, update to version 2.11.10.1 or later to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-3055

DSA-2097-1

DSA-2097-2

Affected Products

Phpmyadmin

PT-2010-4513 · Php · Phpmyadmin

CVE-2010-3055

Weakness Enumeration

Related Identifiers

Affected Products

References · 15