VDB
CVE-2011-2719
CVE-2011-2719
PUBLISHED
CVSS 6.400000095367432 MEDIUM
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.
EPSS 1.94% · 83.8th percentile
Risk Scores
CVSS 2.0
6.400000095367432
EPSS Score
1.94%
83.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| phpmyadmin | phpmyadmin | 3.0.0, 3.0.0, 3.0.0 |
Timeline
- Aug 1, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7 url
- 20110724 phpMyAdmin 3.x Conditional Session Manipulation mailing-list
- 20110724 phpMyAdmin 3.x Conditional Session Manipulation mailing-list
- 20110804 Re: [Full-disclosure] phpMyAdmin 3.x Conditional Session Manipulation mailing-list
- 45515 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=725384 url
- 45365 third-party-advisory
- 48874 vdb
- MDVSA-2011:124 vendor-advisory
- [oss-security] 20110726 Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 mailing-list
- 74112 vdb
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=571cdc6ff4bf375871b594f4e06f8ad3159d1754 url
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php url
- DSA-2286 vendor-advisory
- 8322 third-party-advisory
- FEDORA-2011-9725 vendor-advisory
- FEDORA-2011-9734 vendor-advisory
- 45315 third-party-advisory
- [oss-security] 20110725 CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 mailing-list
- phpmyadmin-swekey-file-overwrite(68769) vdb
…and 4 more