Vulnerability Details : CVE-2011-3646
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.
Vulnerability category: Input validation
Products affected by CVE-2011-3646
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3646
0.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3646
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-3646
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3646
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069237.html
[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.7-1.fc15
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069235.html
[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.7-1.fc16
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:158
mandriva.com
-
http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php
phpMyAdmin - Security - PMASA-2011-15Patch;Vendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.7-1.fc14
Jump to