phpMyAdmin: Permissions, Privileges, and Access Controls (CVE-2010-3055)

Back to Search

phpMyAdmin: Permissions, Privileges, and Access Controls (CVE-2010-3055)

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

08/24/2010

Created

07/25/2018

Added

05/02/2017

Modified

10/16/2019

Description

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Solution(s)

phpmyadmin-upgrade-latest

References

https://attackerkb.com/topics/cve-2010-3055
42591
CVE - 2010-3055
DSA-2097
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2
http://secunia.com/advisories/41058
http://secunia.com/advisories/41185
http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.securityfocus.com/bid/42591
http://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

phpMyAdmin: Permissions, Privileges, and Access Controls (CVE-2010-3055)