Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2011-2508
Last Modified: 25 Oct 2011 10:59:52
Published: 14 Jul 2011 07:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-2508

Summary

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

Vulnerable Systems

Application

  • phpMyAdmin 3.0.0
  • phpMyAdmin 3.0.1
  • phpMyAdmin 3.0.1.1
  • phpMyAdmin 3.1.0
  • phpMyAdmin 3.1.1
  • phpMyAdmin 3.1.2
  • phpMyAdmin 3.1.3
  • phpMyAdmin 3.1.3.1
  • phpMyAdmin 3.1.3.2
  • phpMyAdmin 3.1.4
  • phpMyAdmin 3.1.5
  • phpMyAdmin 3.2.0
  • phpMyAdmin 3.2.1
  • phpMyAdmin 3.2.2
  • phpMyAdmin 3.3.0.0
  • phpMyAdmin 3.3.1.0
  • phpMyAdmin 3.3.10.0
  • phpMyAdmin 3.3.10.1
  • phpMyAdmin 3.3.2.0
  • phpMyAdmin 3.3.3.0
  • phpMyAdmin 3.3.4.0
  • phpMyAdmin 3.3.5.0
  • phpMyAdmin 3.3.5.1
  • phpMyAdmin 3.3.6
  • phpMyAdmin 3.3.7
  • phpMyAdmin 3.3.8
  • phpMyAdmin 3.3.8.1
  • phpMyAdmin 3.3.9.0
  • phpMyAdmin 3.3.9.1
  • phpMyAdmin 3.3.9.2
  • phpMyAdmin 3.4.0.0
  • phpMyAdmin 3.4.1.0
  • phpMyAdmin 3.4.2.0
  • phpMyAdmin 3.4.3.0


References

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7

MISC - http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

BUGTRAQ - 20110707 phpMyAdmin 3.x Multiple Remote Code Executions

OSVDB - 73614

MLIST - [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MLIST - [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

MANDRIVA - MDVSA-2011:124

DEBIAN - DSA-2286

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

SREASON - 8306

SECUNIA - 45315

SECUNIA - 45292

SECUNIA - 45139

FEDORA - FEDORA-2011-9144

MISC - http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html


Last Updated: 27 May 2016 10:57:02