Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2718

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2011-2718
Last Modified 25 Oct 2011 11:00:10
Published 01 Aug 2011 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-2718

Summary

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

Vulnerable Systems

Application

  • Phpmyadmin 3.4.0.0

  • Phpmyadmin 3.4.1.0

  • Phpmyadmin 3.4.2.0

  • Phpmyadmin 3.4.3.0

  • Phpmyadmin 3.4.3.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=725383

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php

MLIST - [oss-security] 20110726 Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12

MLIST - [oss-security] 20110725 CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12

CONFIRM - http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393

XF - phpmyadmin-schema-file-include(68768)

BID - 48874

MANDRIVA - MDVSA-2011:124

SECUNIA - 45515

SECUNIA - 45365

OSVDB - 74111

FEDORA - FEDORA-2011-9734

FEDORA - FEDORA-2011-9725


Last Updated: 27 May 2016 10:57:05