CVE-2011-0987

Loading...

General

Score:6.5/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:Single

Published on 14/02/11 - Updated on 17/08/17

Description

The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2011-0987
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2011-AVI-091
Debian DSA-2167-1
Renater 2011/VULN114, 2011/VULN127

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
phpmyadminphpmyadmin

Share this vulnerability with:

Twitter Facebook LinkedIn Mail