Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2011-2643
Last Modified: 25 Oct 2011 11:00:01
Published: 01 Aug 2011 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-2643

Summary

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

Vulnerable Systems

Application

  • phpMyAdmin 3.4.0.0
  • phpMyAdmin 3.4.1.0
  • phpMyAdmin 3.4.2.0
  • phpMyAdmin 3.4.3.0
  • phpMyAdmin 3.4.3.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=725382

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c

XF - phpmyadmin-mimetype-file-include(68767)

BID - 48874

MANDRIVA - MDVSA-2011:124

SECUNIA - 45515

SECUNIA - 45365

FEDORA - FEDORA-2011-9734

FEDORA - FEDORA-2011-9725


Last Updated: 27 May 2016 10:57:04