CVE-2011-3646 — Improper Input Validation in Phpmyadmin

CWE-20 — Improper Input Validation8 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedNov 17

Latest updateMay 17

Description

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.6-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.4.6-1+3

▶NVDphpmyadmin/phpmyadmin8 versions+7

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

GHSA-vqv2-j98p-2cvh: phpmyadmin↗2022-05-17

▶

OSV

CVE-2011-3646: phpmyadmin↗2011-11-17

▶

📋Vendor Advisories

Debian

CVE-2011-3646: phpmyadmin - phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to o...↗2011

▶

💬Community

Bugzilla

CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in 3.4.6 (PMASA-2011-15, PMASA-2011-16) [epel-5]↗2011-10-18

▶

Bugzilla

CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in 3.4.6 (PMASA-2011-15, PMASA-2011-16) [fedora-all]↗2011-10-18

▶

Bugzilla

CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in 3.4.6 (PMASA-2011-15, PMASA-2011-16) [epel-6]↗2011-10-18

▶

Bugzilla

CVE-2011-3646 CVE-2011-4064 phpMyAdmin: multiple flaws corrected in 3.4.6 (PMASA-2011-15, PMASA-2011-16)↗2011-10-18

▶