Debian DSA-2286-1 : phpmyadmin - several vulnerabilities

high Nessus Plugin ID 55708


The remote Debian host is missing a security-related update.


Several vulnerabilities were discovered in phpMyAdmin, a tool to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2011-2505 Possible session manipulation in Swekey authentication.

- CVE-2011-2506 Possible code injection in setup script, in case session variables are compromised.

- CVE-2011-2507 Regular expression quoting issue in Synchronize code.

- CVE-2011-2508 Possible directory traversal in MIME-type transformation.

- CVE-2011-2642 Cross site scripting in table Print view when the attacker can create crafted table names.

- No CVE name yet: Possible superglobal and local variables manipulation in Swekey authentication. (PMASA-2011-12)

The oldstable distribution (lenny) is only affected by CVE-2011-2642, which has been fixed in version


Upgrade the phpmyadmin packages.

For the stable distribution (squeeze), these problems have been fixed in version 3.3.7-6.

Plugin Details

Severity: High

ID: 55708

File Name: debian_DSA-2286.nasl

Version: 1.16

Type: local

Agent: unix

Published: 7/28/2011

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*, p-cpe:2.3:a:debian:debian_linux:phpmyadmin:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/26/2011

Vulnerability Publication Date: 7/14/2011

Exploitable With

Elliot (Phpmyadmin 3.x RCE)

Reference Information

CVE: CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642

BID: 48563, 48874

DSA: 2286