CVE-2010-3055

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Published: Aug 24, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3055
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	2.11.1.2	2.11.1.2.x
phpmyadmin / phpmyadmin	2.11.5.1	2.11.5.1.x
phpmyadmin / phpmyadmin	2.11.5.0	2.11.5.0.x
phpmyadmin / phpmyadmin	2.11.9.0	2.11.9.0.x
phpmyadmin / phpmyadmin	2.11.9.1	2.11.9.1.x
phpmyadmin / phpmyadmin	2.11.5.2	2.11.5.2.x
phpmyadmin / phpmyadmin	2.11.2.2	2.11.2.2.x
phpmyadmin / phpmyadmin	2.11.8.0	2.11.8.0.x
phpmyadmin / phpmyadmin	2.11.4.0	2.11.4.0.x
phpmyadmin / phpmyadmin	2.11.2.1	2.11.2.1.x
phpmyadmin / phpmyadmin	2.11.9.5	2.11.9.5.x
phpmyadmin / phpmyadmin	2.11.10.0	2.11.10.0.x
phpmyadmin / phpmyadmin	2.11.6.0	2.11.6.0.x
phpmyadmin / phpmyadmin	2.11.7.0	2.11.7.0.x
phpmyadmin / phpmyadmin	2.11.9.6	2.11.9.6.x
phpmyadmin / phpmyadmin	2.11.2.0	2.11.2.0.x
phpmyadmin / phpmyadmin	2.11.9.2	2.11.9.2.x
phpmyadmin / phpmyadmin	2.11.9.3	2.11.9.3.x
phpmyadmin / phpmyadmin	2.11.1.1	2.11.1.1.x
phpmyadmin / phpmyadmin	2.11.9.4	2.11.9.4.x
phpmyadmin / phpmyadmin	2.11.7.1	2.11.7.1.x
phpmyadmin / phpmyadmin	2.11.3.0	2.11.3.0.x
phpmyadmin / phpmyadmin	2.11.1.0	2.11.1.0.x
phpmyadmin / phpmyadmin	2.11.0	2.11.0.x

Vulnerability Database

289,782

CVE-2010-3055