Scan for free your assets for this vulnerability
Download Mageni to scan your assets for this plus 99,432 more vulnerabilities. It is free to get started and can be installed in Windows, macOS and Linux.
FreeBSD Ports: phpmyadmin
The remote host is missing an update to the system as announced in the referenced advisory.
The following package is affected: phpmyadmin CVE-2011-2505 libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 188.8.131.52 and 3.4.x before 184.108.40.206 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a 'remote variable manipulation vulnerability.' CVE-2011-2506 setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 220.127.116.11 and 3.4.x before 18.104.22.168 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array. CVE-2011-2507 libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 22.214.171.124 and 3.4.x before 126.96.36.199 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array. CVE-2011-2508 Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 188.8.131.52 and 3.4.x before 184.108.40.206, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Update your system with the appropriate patches or software upgrades.
Know your vulnerabilities for free. Start using Mageni today.
Mageni can help you to find, assess and manage your vulnerabilities.Get Started for Free