CVE-2011-2643 Information

Description

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
http://www.securityfocus.com/bid/48874
https://bugzilla.redhat.com/show_bug.cgi?id=725382
https://exchange.xforce.ibmcloud.com/vulnerabilities/68767
