CVE-2011-0986 — Improper Input Validation in Phpmyadmin

CWE-20 — Improper Input Validation CWE-22 — Path Traversal5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedFeb 14

Latest updateMay 17

Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.3.9.2-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin2.11.0 — 2.11.11.2+1

▶Debianphpmyadmin/phpmyadmin< 4:3.3.9.2-1+3

▶NVDphpmyadmin/phpmyadmin53 versions+52

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file↗2022-05-17

▶

OSV

phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file↗2022-05-17

▶

OSV

CVE-2011-0986: phpMyAdmin 2↗2011-02-14

▶

📋Vendor Advisories

Debian

CVE-2011-0986: phpmyadmin - phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly ...↗2011

▶