CVE-2010-4481

phpMyAdmin < 3.4.0-beta1 - Unauthenticated Sensitive Information Exposure via phpinfo.php

Title source: llm

Description

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

References (9)

Core 9

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0027

Product x_refsource_confirm

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0001

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42485

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2010/dsa-2139

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3238

Patch, Vendor Advisory x_refsource_confirm

http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42725

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:000

Scores

EPSS 0.0069

EPSS Percentile 72.1%

Details

CWE

CWE-287

Status published

Products (38)

phpmyadmin/phpmyadmin 2.11.0

phpmyadmin/phpmyadmin 2.11.1.0

phpmyadmin/phpmyadmin 2.11.1.1

phpmyadmin/phpmyadmin 2.11.1.2

phpmyadmin/phpmyadmin 2.11.2.0

phpmyadmin/phpmyadmin 2.11.2.1

phpmyadmin/phpmyadmin 2.11.2.2

phpmyadmin/phpmyadmin 2.11.3.0

phpmyadmin/phpmyadmin 2.11.4.0

phpmyadmin/phpmyadmin 2.11.5.0

... and 28 more

Published Dec 17, 2010

Tracked Since Feb 18, 2026