Description

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Remediation

References

CVE-2011-2506

Related Vulnerabilities

MySQL CVE-2020-14567 Vulnerability (CVE-2020-14567)

TYPO3 Other Vulnerability (CVE-2012-1605)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)

WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-17195)

Severity

High

Classification

CVE-2011-2506 CWE-94

Tags

Missing Update Known Vulnerabilities