CVE-2011-2505

N/A Unknown

Published: July 14, 2011 Modified: April 29, 2026

Description

libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Source: secalert@redhat.com

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Source: secalert@redhat.com

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

Source: secalert@redhat.com

http://secunia.com/advisories/45139

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/45292

Source: secalert@redhat.com

http://secunia.com/advisories/45315

Source: secalert@redhat.com

http://securityreason.com/securityalert/8306

Source: secalert@redhat.com

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2286

Source: secalert@redhat.com

http://www.exploit-db.com/exploits/17514/

Source: secalert@redhat.com

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/6

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/8

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/29/11

Source: secalert@redhat.com

http://www.osvdb.org/73611

Source: secalert@redhat.com

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

Source: secalert@redhat.com

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/518804/100/0/threaded

Source: secalert@redhat.com

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Source: secalert@redhat.com

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=7ebd958b2bf59f96fecd5b3322bdbd0b244a7967

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45139

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/45292

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45315

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8306

Source: af854a3a-2127-422b-91ae-364da2661108

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2286

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/17514/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/29/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/73611

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/518804/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

12.9%

96th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

phpmyadmin

Related CVEs

CVE-2026-56414 7.2

CVE-2026-55975 7.2

CVE-2026-33560 7.1

CVE-2026-31928 8.1

CVE-2026-28701 9.8