Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qnf5-aays-qkf1

Summary

Improper Control of Generation of Code ('Code Injection')
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

Aliases

alias	CVE-2011-2505

alias	GHSA-vqcm-r62w-w437

Fixed_packages

url	pkg:deb/debian/phpmyadmin@4:3.4.3.1-1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:3.4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.3.1-1%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47ju-f89a-eud8

vulnerability	VCID-d3qn-js1p-7yeq

vulnerability	VCID-dmqy-9xth-cuhs

vulnerability	VCID-gx8h-5h14-dqez

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gx8h-5h14-dqez

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.3%252Bdfsg-1%3Fdistro=trixie

url	pkg:ebuild/dev-db/phpmyadmin@3.4.9
purl	pkg:ebuild/dev-db/phpmyadmin@3.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-db/phpmyadmin@3.4.9

Affected_packages

url pkg:composer/phpmyadmin/phpmyadmin@3.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6r4m-kxj7-ybb6

vulnerability	VCID-cyv1-muwx-83h8

vulnerability	VCID-qnf5-aays-qkf1

vulnerability	VCID-qqbs-tnrs-bbem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.0.0

url pkg:composer/phpmyadmin/phpmyadmin@3.4.0

purl pkg:composer/phpmyadmin/phpmyadmin@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67va-epqd-vydp

vulnerability	VCID-6r4m-kxj7-ybb6

vulnerability	VCID-8amg-r4d1-kubh

vulnerability	VCID-92xz-8fkp-ekh3

vulnerability	VCID-94pm-84ku-w3cw

vulnerability	VCID-kxq1-41am-gqdc

vulnerability	VCID-mctt-kqsq-97gt

vulnerability	VCID-ntmf-36f1-e3fg

vulnerability	VCID-qnf5-aays-qkf1

vulnerability	VCID-rht1-ecwp-aqe7

vulnerability	VCID-uyyu-r5e4-mqfg

vulnerability	VCID-zb95-sn9m-r3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.0

References

reference_url

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2505

reference_id

reference_type

scores

value	0.37008
scoring_system	epss
scoring_elements	0.97245
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505

reference_url

http://securityreason.com/securityalert/8306

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://securityreason.com/securityalert/8306

reference_url

https://github.com/phpmyadmin/composer

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer

reference_url

https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

reference_url

https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

reference_url

https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded

reference_url

https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124

reference_url

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008

reference_url	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
reference_id
reference_type
scores
url	http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

reference_url

http://www.debian.org/security/2011/dsa-2286

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2286

reference_url

http://www.exploit-db.com/exploits/17514

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.exploit-db.com/exploits/17514

reference_url	http://www.exploit-db.com/exploits/17514/
reference_id
reference_type
scores
url	http://www.exploit-db.com/exploits/17514/

reference_url

http://www.openwall.com/lists/oss-security/2011/06/28/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/06/28/2

reference_url

http://www.openwall.com/lists/oss-security/2011/06/28/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/06/28/6

reference_url

http://www.openwall.com/lists/oss-security/2011/06/28/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/06/28/8

reference_url

http://www.openwall.com/lists/oss-security/2011/06/29/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/06/29/11

reference_url

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2505

reference_id

CVE-2011-2505

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2505

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py
reference_id	CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php
reference_id	CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php

reference_url	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
reference_id	CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611
reference_type	exploit
scores
url	http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

reference_url	https://github.com/advisories/GHSA-vqcm-r62w-w437
reference_id	GHSA-vqcm-r62w-w437
reference_type
scores
url	https://github.com/advisories/GHSA-vqcm-r62w-w437

reference_url	https://security.gentoo.org/glsa/201201-01
reference_id	GLSA-201201-01
reference_type
scores
url	https://security.gentoo.org/glsa/201201-01

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

date_added	2011-07-08
description	phpMyAdmin3 (pma3) - Remote Code Execution
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2011-07-08
exploit_type	webapps
platform	php
source_date_updated	2011-07-24
data_source	Exploit-DB
source_url

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnf5-aays-qkf1

Vulnerability Instance