CVE-2011-3189

N/A Unknown
Published: August 25, 2011 Modified: April 29, 2026
View on NVD

Description

The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Source: secalert@redhat.com
http://osvdb.org/74726
Source: secalert@redhat.com
http://secunia.com/advisories/45678
Source: secalert@redhat.com
Vendor Advisory
http://support.apple.com/kb/HT5130
Source: secalert@redhat.com
http://www.openwall.com/lists/oss-security/2011/08/23/4
Source: secalert@redhat.com
http://www.php.net/ChangeLog-5.php#5.3.8
Source: secalert@redhat.com
http://www.php.net/archive/2011.php#id2011-08-23-1
Source: secalert@redhat.com
https://bugs.gentoo.org/show_bug.cgi?id=380261
Source: secalert@redhat.com
https://bugs.php.net/bug.php?id=55439
Source: secalert@redhat.com
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429
Source: secalert@redhat.com
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/74726
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/45678
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://support.apple.com/kb/HT5130
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2011/08/23/4
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.php.net/ChangeLog-5.php#5.3.8
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.php.net/archive/2011.php#id2011-08-23-1
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugs.gentoo.org/show_bug.cgi?id=380261
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugs.php.net/bug.php?id=55439
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429
Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
4.2%
90th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

php

Related CVEs

CVE-2026-13422 4.3
CVE-2026-13335 6.4
CVE-2026-13333 6.5
CVE-2026-13331 6.5
CVE-2026-11356 4.4