The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 22.214.171.124 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.
|57433||GLSA-201201-01 : phpMyAdmin: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|48924||Debian DSA-2097-1 : phpmyadmin - insufficient input sanitising||Nessus||Debian Local Security Checks|
|48908||phpMyAdmin setup.php Arbitrary PHP Code Execution (PMASA-2010-4)||Nessus||CGI abuses|