Description

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Remediation

References

CVE-2010-3055

Related Vulnerabilities

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)

WordPress Plugin Contact Form 7 Database Multiple Vulnerabilities (1.1)

WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2)

WordPress Plugin eHive Account Details Cross-Site Scripting (2.1.2)

WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (2.1.1)

Severity

High

Classification

CVE-2010-3055 CWE-264

Tags

Missing Update Known Vulnerabilities