Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2011-2506 - Vulnerability Database
phpMyAdmin

phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2011-2506

High
Reference: CVE-2011-2506
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-2506
Title: phpMyAdmin Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.