CVE-2010-3055

EPSS 1.7%

phpmyadmin - several vulnerabilities

Published: 8/24/2010Modified: 3/9/2026

Also known as:DSA-2097-1DEBIAN-CVE-2010-3055

Description

The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.

Affected packages (3)

Debian/phpmyadminfrom 0, < 4:3.0.0
Debian/phpmyadminfrom 0, < 4:2.11.8.1-5+lenny5
Debian/phpmyadminfrom 0, < 4:2.11.8.1-5+lenny6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-3055