Vulnerability details: VCID-r7gb-sdkq-kfc6
Vulnerability ID VCID-r7gb-sdkq-kfc6
Aliases CVE-2011-2505
GHSA-vqcm-r62w-w437
Summary phpMyAdmin remote variable manipulation. `libraries/auth/swekey/swekey.auth.lib.php` in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the `SESSION` superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
epss 0.2458 https://api.first.org/data/v1/epss?cve=CVE-2011-2505
generic_textual MODERATE http://securityreason.com/securityalert/8306
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-vqcm-r62w-w437
generic_textual MODERATE https://github.com/phpmyadmin/composer
generic_textual MODERATE https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-2505
generic_textual MODERATE https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
generic_textual MODERATE https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
generic_textual MODERATE http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008
generic_textual MODERATE http://www.debian.org/security/2011/dsa-2286
generic_textual MODERATE http://www.exploit-db.com/exploits/17514
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/06/28/2
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/06/28/6
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/06/28/8
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/06/29/11
generic_textual MODERATE http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
Reference id Reference type URL
http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html
https://api.first.org/data/v1/epss?cve=CVE-2011-2505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2505
http://securityreason.com/securityalert/8306
https://github.com/phpmyadmin/composer
https://github.com/phpmyadmin/composer/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
https://github.com/phpmyadmin/phpmyadmin/commit/6e6e129f26295c83d67b74e202628a4b8bc49e54
https://github.com/phpmyadmin/phpmyadmin/commit/7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
https://nvd.nist.gov/vuln/detail/CVE-2011-2505
https://web.archive.org/web/20110712103138/http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
https://web.archive.org/web/20111116172111/http://www.securityfocus.com/archive/1/518804/100/0/threaded
https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008
http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
http://www.debian.org/security/2011/dsa-2286
http://www.exploit-db.com/exploits/17514
http://www.exploit-db.com/exploits/17514/
http://www.openwall.com/lists/oss-security/2011/06/28/2
http://www.openwall.com/lists/oss-security/2011/06/28/6
http://www.openwall.com/lists/oss-security/2011/06/28/8
http://www.openwall.com/lists/oss-security/2011/06/29/11
http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17510.py
CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/17514.php
CVE-2011-2506;CVE-2011-2505;OSVDB-73612;OSVDB-73611 Exploit http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
GHSA-vqcm-r62w-w437 https://github.com/advisories/GHSA-vqcm-r62w-w437
Data source Exploit-DB
Date added July 8, 2011
Description phpMyAdmin3 (pma3) - Remote Code Execution
Ransomware campaign use Known
Source publication date July 8, 2011
Exploit type webapps
Platform php
Source update date July 24, 2011
Exploit Prediction Scoring System (EPSS)
Percentile 0.95889
EPSS Score 0.2458
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:06:38.670790+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vqcm-r62w-w437/GHSA-vqcm-r62w-w437.json 37.0.0