CVE-2011-2506 in Ubuntu

CVE-2011-2506

Priority

Medium

Description

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and
3.4.x before 3.4.3.1 does not properly restrict the presence of comment
closing delimiters, which allows remote attackers to conduct static code
injection attacks by leveraging the ability to modify the SESSION
superglobal array.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2506

Bugs

https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/806788

Package

Source: phpmyadmin (LP Ubuntu Debian)

Upstream:	released (4:3.4.3.1-1)
Ubuntu 14.04 LTS (Trusty Tahr):	released (4:3.4.3.1-1)

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 19:53:30 UTC (commit 13907)