Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.Install Now
Available for macOS, Windows, and Linux
FreeBSD Ports: phpmyadmin
The remote host is missing an update to the system as announced in the referenced advisory.
The following package is affected: phpmyadmin CVE-2011-2505 libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 220.127.116.11 and 3.4.x before 18.104.22.168 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a 'remote variable manipulation vulnerability.' CVE-2011-2506 setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 22.214.171.124 and 3.4.x before 126.96.36.199 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. CVE-2011-2507 libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 188.8.131.52 and 3.4.x before 184.108.40.206 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. CVE-2011-2508 Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 220.127.116.11 and 3.4.x before 18.104.22.168, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Update your system with the appropriate patches or software upgrades.
Common Vulnerabilities and Exposures (CVE)