CVE-2010-3055
Published 2010-08-24
Priority P353 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 14.71% (96.2th percentile)
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:3.0.0 (bookworm) | phpmyadmin 4:3.0.0 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
GHSA
GHSA-6442-8w69-mgwm: The configuration setup script (aka scripts/setup
ghsa_unreviewed·2022-05-17
CVE-2010-3055 [HIGH] GHSA-6442-8w69-mgwm: The configuration setup script (aka scripts/setup
OSV
CVE-2010-3055: The configuration setup script (aka scripts/setup
osv·2010-08-24·CVSS 7.5
CVE-2010-3055 [HIGH] CVE-2010-3055: The configuration setup script (aka scripts/setup
Debian
CVE-2010-3055: phpmyadmin - The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x befo...
vendor_debian·2010·CVSS 7.5
CVE-2010-3055 [HIGH] CVE-2010-3055: phpmyadmin - The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x befo...
Scope: local
bookworm: resolved (fixed in 4:3.0.0)
bullseye: resolved (fixed in 4:3.0.0)
forky: resolved (fixed in 4:3.0.0)
sid: resolved (fixed in 4:3.0.0)
trixie: resolved (fixed in 4:3.0.0)
Citrix
Citrix Security Bulletin CTX125976
vendor_citrix·CVSS 9.3
CVE-2010-2991 [CRITICAL] Citrix Security Bulletin CTX125976
CVE References: CVE-2010-2991, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX127541
vendor_citrix·CVSS 4.3
CVE-2010-4515 [MEDIUM] Citrix Security Bulletin CTX127541
CVE References: CVE-2010-4515, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX125319
vendor_citrix·CVSS 1.9
CVE-2010-2619 [LOW] Citrix Security Bulletin CTX125319
CVE References: CVE-2010-2619, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX125975
vendor_citrix·CVSS 9.3
CVE-2010-2990 [CRITICAL] Citrix Security Bulletin CTX125975
CVE References: CVE-2010-2990, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX127613
vendor_citrix·CVSS 9.3
CVE-2010-4566 [CRITICAL] Citrix Security Bulletin CTX127613
CVE References: CVE-2010-4566, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123193
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123193
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123456
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123456
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123460
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123460
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=30c83acddb58d3bbf940b5f9ec28abf5b235f4d2
http://secunia.com/advisories/41058
http://secunia.com/advisories/41185
http://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=23067&atid=377408
http://www.debian.org/security/2010/dsa-2097
http://www.mandriva.com/security/advisories?name=MDVSA-2010:163
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.securityfocus.com/bid/42591
http://www.vupen.com/english/advisories/2010/2223
http://www.vupen.com/english/advisories/2010/2231
Published: 2010-08-24