CVE-2011-2506

phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal


Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2506. PoCs published by Mango, wofeiwo.

AI-analyzed exploit summary: This exploit targets a remote code injection vulnerability in phpMyAdmin versions < 3.3.10.2 and < 3.4.3.1. It leverages session poisoning and file saving to inject arbitrary PHP code into the configuration file, achieving remote code execution.

Description

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

Exploits (2)

exploitdb (working PoC, verified)
by Mango · php · webapps · php
https://www.exploit-db.com/exploits/17514

This exploit targets a remote code injection vulnerability in phpMyAdmin versions < 3.3.10.2 and < 3.4.3.1. It leverages session poisoning and file saving to inject arbitrary PHP code into the configuration file, achieving remote code execution.

Classification: Working PoC (100%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin < 3.3.10.2 || phpMyAdmin < 3.4.3.1
Authentication: No auth needed
Prerequisites: Access to the phpMyAdmin setup/index.php endpoint · cURL support in PHP
Analyzed by devstral-2 on Feb 16, 2026
exploitdb (working PoC, verified)
by wofeiwo · python · webapps · php
https://www.exploit-db.com/exploits/17510

This exploit targets a PHP session variable manipulation vulnerability in phpMyAdmin versions below 3.3.10.2 and 3.4.3.1, allowing remote code execution by injecting malicious payloads into session variables and leveraging the setup script to write a webshell.

Classification: Working PoC (95%)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: phpMyAdmin < 3.3.10.2 and < 3.4.3.1
Authentication: No auth needed
Prerequisites: Config directory must be writable · session.auto_start = 1 in php.ini
Analyzed by devstral-2 on Feb 18, 2026

References (19)

Mailing list: http://www.openwall.com/lists/oss-security/2011/06/28/2
Patch, vendor advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
Third-party advisory (Secunia): http://secunia.com/advisories/45292
Mailing list: http://www.openwall.com/lists/oss-security/2011/06/28/6
Mailing list: http://www.openwall.com/lists/oss-security/2011/06/28/8
Vendor advisory (Mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
Third-party advisory (SecurityReason): http://securityreason.com/securityalert/8306
Third-party advisory (Secunia): http://secunia.com/advisories/45139
Exploit (Exploit-DB): http://www.exploit-db.com/exploits/17514/
Vendor advisory (Debian): http://www.debian.org/security/2011/dsa-2286
Mailing list, VDB entry (Bugtraq): http://www.securityfocus.com/archive/1/518804/100/0/threaded
VDB entry (OSVDB): http://www.osvdb.org/73612
Mailing list: http://www.openwall.com/lists/oss-security/2011/06/29/11
Third-party advisory (Secunia): http://secunia.com/advisories/45315
Mailing list, vendor advisory (Fedora): http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Scores

EPSS: 0.3368
EPSS percentile: 97.1%

Details

CWE: CWE-94
Status: published
Products (35):
phpmyadmin/phpmyadmin 3.0.0 (4 CPE variants)
phpmyadmin/phpmyadmin 3.0.1 (2 CPE variants)
phpmyadmin/phpmyadmin 3.0.1.1
phpmyadmin/phpmyadmin 3.1.0 (2 CPE variants)
phpmyadmin/phpmyadmin 3.1.1 (2 CPE variants)
phpmyadmin/phpmyadmin 3.1.2 (2 CPE variants)
phpmyadmin/phpmyadmin 3.1.3 (2 CPE variants)
phpmyadmin/phpmyadmin 3.1.3.1
phpmyadmin/phpmyadmin 3.1.3.2
phpmyadmin/phpmyadmin 3.1.4 (2 CPE variants)
... and 25 more
Published: Jul 14, 2011
Tracked since: Feb 18, 2026