Improper Authentication Affecting phpmyadmin package, versions <4:3.3.7-3
Threat Intelligence
EPSS
0.56% (78th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-PHPMYADMIN-418026
- published 17 Dec 2010
- disclosed 17 Dec 2010
Introduced: 17 Dec 2010
CVE-2010-4481 Open this link in a new tabHow to fix?
Upgrade Debian:8 phpmyadmin to version 4:3.3.7-3 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream phpmyadmin package and not the phpmyadmin package as distributed by Debian.
See How to fix? for Debian:8 relevant fixed versions and status.
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.
References
- https://security-tracker.debian.org/tracker/CVE-2010-4481
- http://www.debian.org/security/2010/dsa-2139
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=4d9fd005671b05c4d74615d5939ed45e4d019e4c
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php
- http://www.vupen.com/english/advisories/2010/3238
- http://www.vupen.com/english/advisories/2011/0001
- http://www.vupen.com/english/advisories/2011/0027
- http://secunia.com/advisories/42485
- http://secunia.com/advisories/42725
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:000
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4d9fd005671b05c4d74615d5939ed45e4d019e4c
CVSS Scores
version 3.1