VIR Vulnerability Intelligence Relay

CVE-2010-4481

medium
Published 2010-12-17 · Modified 2025-04-12
CVSS v3
CVSS v2
5.0
VIR risk
5.0

Description

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2010-4481

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vupen.com/english/advisories/2011/0027

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vupen.com/english/advisories/2011/0001

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vupen.com/english/advisories/2010/3238

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/42725

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/42485

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed4:3.3.7-3
debian debianbullseyefixed4:3.3.7-3
debian debiansidfixed4:3.3.7-3
debian debiantrixiefixed4:3.3.7-3

Package impact
EcosystemPackageVulnerableFixed
php Packagistphpmyadmin/phpmyadmin<3.4.0-beta13.4.0-beta1

Application impact
VendorProductVersionsFixed
phpmyadminphpmyadmin{"endIncluding":"3.3.9.0"}
phpmyadminphpmyadmin2.11.0
phpmyadminphpmyadmin2.11.1.0
phpmyadminphpmyadmin2.11.1.1
phpmyadminphpmyadmin2.11.1.2
phpmyadminphpmyadmin2.11.2.0
phpmyadminphpmyadmin2.11.2.1
phpmyadminphpmyadmin2.11.2.2
phpmyadminphpmyadmin2.11.3.0
phpmyadminphpmyadmin2.11.4.0
phpmyadminphpmyadmin2.11.5.0
phpmyadminphpmyadmin2.11.5.1
phpmyadminphpmyadmin2.11.5.2
phpmyadminphpmyadmin2.11.6.0
phpmyadminphpmyadmin2.11.7.0
phpmyadminphpmyadmin2.11.7.1
phpmyadminphpmyadmin2.11.8.0
phpmyadminphpmyadmin2.11.9.0
phpmyadminphpmyadmin2.11.9.1
phpmyadminphpmyadmin2.11.9.2
phpmyadminphpmyadmin2.11.9.3
phpmyadminphpmyadmin2.11.9.4
phpmyadminphpmyadmin2.11.9.5
phpmyadminphpmyadmin2.11.9.6
phpmyadminphpmyadmin2.11.10.0
phpmyadminphpmyadmin2.11.10.1
phpmyadminphpmyadmin3.0.0
phpmyadminphpmyadmin3.0.1
phpmyadminphpmyadmin3.0.1.1
phpmyadminphpmyadmin3.1.0
phpmyadminphpmyadmin3.1.1
phpmyadminphpmyadmin3.1.2
phpmyadminphpmyadmin3.1.3
phpmyadminphpmyadmin3.1.3.1
phpmyadminphpmyadmin3.1.3.2
phpmyadminphpmyadmin3.1.4
phpmyadminphpmyadmin3.1.5
phpmyadminphpmyadmin3.2.0
phpmyadminphpmyadmin3.2.1
phpmyadminphpmyadmin3.2.2
phpmyadminphpmyadmin3.3.0.0
phpmyadminphpmyadmin3.3.1.0
phpmyadminphpmyadmin3.3.2.0
phpmyadminphpmyadmin3.3.3.0
phpmyadminphpmyadmin3.3.4.0
phpmyadminphpmyadmin3.3.5.0
phpmyadminphpmyadmin3.3.5.1
phpmyadminphpmyadmin3.3.6
phpmyadminphpmyadmin3.3.7
phpmyadminphpmyadmin3.3.8
phpmyadminphpmyadmin3.3.8.1

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.