CVE-2011-2718 Information
Description
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://osvdb.org/74111
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
http://secunia.com/advisories/45365
http://secunia.com/advisories/45515
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
http://www.securityfocus.com/bid/48874
https://bugzilla.redhat.com/show_bug.cgi?id=725383
https://exchange.xforce.ibmcloud.com/vulnerabilities/68768