Search for packages
| purl | pkg:deb/debian/phpmyadmin@4:3.4.3.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9xb8-kz1v-43bt | Improper Control of Generation of Code ('Code Injection') setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. |
CVE-2011-2506
GHSA-p6h7-29r2-g88f |
| VCID-qrm9-716c-2ybp | Improper Control of Generation of Code ('Code Injection') libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability." |
CVE-2011-2505
GHSA-vqcm-r62w-w437 |
| VCID-tnbx-6gqw-8fb5 | Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code. |
CVE-2011-2507
|
| VCID-z6t5-jasy-vbfs | phpMyAdmin Directory Traversal vulnerability Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter. |
CVE-2011-2508
GHSA-q6vw-39cg-wjjf |