CVE-2011-2506: phpMyAdmin vulnerable to static code injection

CVSS Score: 7.5

Basic Information

EPSS Score: 0.9548%
Published: 5/14/2022
Updated: 1/15/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| phpmyadmin/phpmyadmin | composer | >= 3.0, < 3.3.10.2 | 3.3.10.2 |
| phpmyadmin/phpmyadmin | composer | >= 3.4, < 3.4.3.1 | 3.4.3.1 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from how `ConfigGenerator.class.php` builds the per-server comment in the generated configuration. The pre-patch code used `strtr($cf->getServerName($id), '*/', '-')`, which filters the server name but leaves the `$id` value appended to the same comment unsanitized. Attackers leveraging compromised session variables could craft a server ID like '/ {malicious_code} /', breaking out of the comment context. The commit 0fbedaf explicitly fixes this by sanitizing both server name and ID together via `strtr($cf->getServerName($id)." [$id] ", '*/', '-')`, confirming this was the attack vector.
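The two `strtr()` forms quoted above, side by side, as an added example that is not phpMyAdmin's code: the function names, the `/* Server: ` prefix and the sample name and ID are assumptions constructed for illustration. It also adds a small check a regression test could use to confirm the generated comment is closed only once.

```php
<?php
// Added illustration; function names are hypothetical, not phpMyAdmin's own.

/** Pre-patch shape: only the server name is filtered; $id is appended raw. */
function serverCommentPrePatch(string $name, string $id): string
{
    // strtr() with a shorter "to" string ignores the extra "from" characters,
    // so '*' becomes '-' and any "*/" in the name turns into "-/".
    return '/* Server: ' . strtr($name, '*/', '-') . " [$id] */";
}

/** Post-patch shape (commit 0fbedaf): name and ID are filtered together. */
function serverCommentPatched(string $name, string $id): string
{
    return '/* Server: ' . strtr($name . " [$id] ", '*/', '-') . '*/';
}

/** True when the only comment terminator is the trailing one the generator emits. */
function commentIsClosedOnce(string $line): bool
{
    return substr_count($line, '*/') === 1 && substr($line, -2) === '*/';
}

// Constructed input: a name and an ID that both contain a comment terminator,
// with an inert marker standing in for whatever would follow it.
$name = 'db*/01';
$id   = '1 */ MARKER /*';

$variants = [
    'pre-patch' => 'serverCommentPrePatch',
    'patched'   => 'serverCommentPatched',
];

foreach ($variants as $label => $fn) {
    $line = $fn($name, $id);
    printf(
        "%-9s %s  closed-once=%s\n",
        $label,
        $line,
        var_export(commentIsClosedOnce($line), true)
    );
}
```

With the pre-patch form the marker ends up outside the comment and the check reports `false`; with the patched form every `*` in the name and ID becomes `-`, so the marker stays inside the comment and the check reports `true`.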


WAF Protection Rules

WAF Rule

`setup/lib/ConfigGenerator.class.php` in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveragi
