CVE-2011-2506

N/A Unknown

Published: July 14, 2011 Modified: April 29, 2026

Description

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Source: secalert@redhat.com

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Source: secalert@redhat.com

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Source: secalert@redhat.com

http://secunia.com/advisories/45139

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/45292

Source: secalert@redhat.com

http://secunia.com/advisories/45315

Source: secalert@redhat.com

http://securityreason.com/securityalert/8306

Source: secalert@redhat.com

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Source: secalert@redhat.com

http://www.debian.org/security/2011/dsa-2286

Source: secalert@redhat.com

http://www.exploit-db.com/exploits/17514/

Source: secalert@redhat.com

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/6

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/28/8

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/06/29/11

Source: secalert@redhat.com

http://www.osvdb.org/73612

Source: secalert@redhat.com

http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

Source: secalert@redhat.com

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/518804/100/0/threaded

Source: secalert@redhat.com

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Source: secalert@redhat.com

http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45139

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/45292

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45315

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/8306

Source: af854a3a-2127-422b-91ae-364da2661108

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2011/dsa-2286

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/17514/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/28/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/06/29/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/73612

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://www.securityfocus.com/archive/1/518804/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

9.6%

95th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-94

Affected Vendors

phpmyadmin

Related CVEs

CVE-2026-56414 7.2

CVE-2026-55975 7.2

CVE-2026-33560 7.1

CVE-2026-31928 8.1

CVE-2026-28701 9.8