CVE-2010-3055

NameCVE-2010-3055
DescriptionThe configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2097-1, DSA-2097-2

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
phpmyadmin (PTS)bullseye4:5.0.4+dfsg2-2+deb11u1fixed
bullseye (security)4:5.0.4+dfsg2-2+deb11u2fixed
bookworm4:5.2.1+dfsg-1+deb12u1fixed
trixie4:5.2.2-really+dfsg-1fixed
forky, sid4:5.2.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpmyadminsourcelenny4:2.11.8.1-5+lenny6DSA-2097-2
phpmyadminsource(unstable)4:3.0.0

Notes

Affects only 2.x branch
Search for package or bug name: Reporting problems