CVE-2010-4481 — Improper Authentication in Phpmyadmin

CWE-287 — Improper Authentication7 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 17

Latest updateMay 17

Description

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.3.7-3 (bookworm)

▶Packagistphpmyadmin/phpmyadmin< 3.4.0-beta1

▶Debianphpmyadmin/phpmyadmin< 4:3.3.7-3+3

▶NVDphpmyadmin/phpmyadmin3.3.9.0+50

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information↗2022-05-17

▶

OSV

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information↗2022-05-17

▶

OSV

CVE-2010-4481: phpMyAdmin before 3↗2010-12-17

▶

📋Vendor Advisories

Debian

CVE-2010-4481: phpmyadmin - phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication a...↗2010

▶

💬Community

Bugzilla

CVE-2010-4480 CVE-2010-4481 phpMyAdmin various flaws [fedora-all]↗2010-12-12

▶

Bugzilla

CVE-2010-4481 phpMyAdmin: information disclosure flaw (PMASA-2010-10)↗2010-12-12

▶