Description
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.
Remediation
References
Related Vulnerabilities
GlassFish CVE-2017-10391 Vulnerability (CVE-2017-10391)
Apache HTTP Server Other Vulnerability (CVE-2013-4352)
WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)
WordPress Plugin Safe SVG Denial of Service (1.9.4)
Oracle Application Server CVE-2004-1368 Vulnerability (CVE-2004-1368)