CVE-2011-2505
phpMyAdmin - several
EPSS 37.0%
Description
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
How to fix CVE-2011-2505
To remediate CVE-2011-2505, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:3.4.3.1-1 or later
- Debian/phpmyadmin—upgrade to 4:3.3.7-6 or later
- —upgrade to 3.3.10.2 or later
Is CVE-2011-2505 being exploited?
Moderate — EPSS is 37.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 4:3.4.3.1-1
- from 0, < 4:3.3.7-6
- >= 3.0, < 3.3.10.2