The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2010-08-24 20:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-3055
Mitre link : CVE-2010-3055
CVE.ORG link : CVE-2010-3055
JSON object : View
Products Affected
phpmyadmin
- phpmyadmin
CWE
CWE-264
Permissions, Privileges, and Access Controls