CVE-2011-2506
Priority
Medium
Description
setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and
3.4.x before 3.4.3.1 does not properly restrict the presence of comment
closing delimiters, which allows remote attackers to conduct static code
injection attacks by leveraging the ability to modify the SESSION
superglobal array.
3.4.x before 3.4.3.1 does not properly restrict the presence of comment
closing delimiters, which allows remote attackers to conduct static code
injection attacks by leveraging the ability to modify the SESSION
superglobal array.
Package
| Upstream: | released (4:3.4.3.1-1) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | released (4:3.4.3.1-1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (4:3.4.3.1-1) |
| Ubuntu 12.10 (Quantal Quetzal): | released (4:3.4.3.1-1) |
| Ubuntu 13.04 (Raring Ringtail): | released (4:3.4.3.1-1) |