CVE-2011-2719

phpMyAdmin 3.x < 3.3.10.3 and 3.4.x < 3.4.3.2 - Session Variable Manipulation via Crafted Query String

Title source: llm

Description

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.

References (21)

Core 21

Core References

Product x_refsource_confirm

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=e7bb42c002885c2aca7aba4d431b8c63ae4de9b7

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/518967/100/0/threaded

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2011/Jul/300

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/519155/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45515

Patch x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=725384

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45365

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/48874

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Patch mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2011/07/26/10

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/74112

Product x_refsource_confirm

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=571cdc6ff4bf375871b594f4e06f8ad3159d1754

Patch, Vendor Advisory x_refsource_confirm

http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2011/dsa-2286

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8322

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/45315

Patch mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2011/07/25/4

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/68769

Various Sources x_refsource_misc

http://www.xxor.se/advisories/phpMyAdmin_3.x_Conditional_Session_Manipulation.txt

Scores

EPSS 0.0194

EPSS Percentile 83.7%

Details

CWE

CWE-20

Status published

Products (36)

phpmyadmin/phpmyadmin 3.0.0 (4 CPE variants)

phpmyadmin/phpmyadmin 3.0.1 (2 CPE variants)

phpmyadmin/phpmyadmin 3.0.1.1

phpmyadmin/phpmyadmin 3.1.0 (2 CPE variants)

phpmyadmin/phpmyadmin 3.1.1 (2 CPE variants)

phpmyadmin/phpmyadmin 3.1.2 (2 CPE variants)

phpmyadmin/phpmyadmin 3.1.3 (2 CPE variants)

phpmyadmin/phpmyadmin 3.1.3.1

phpmyadmin/phpmyadmin 3.1.3.2

phpmyadmin/phpmyadmin 3.1.4 (2 CPE variants)

... and 26 more

Published Aug 01, 2011

Tracked Since Feb 18, 2026