Path traversal in phpMyAdmin - CVE-2011-2718
Published: August 1, 2011 / Updated: August 11, 2020
phpMyAdmin
Detailed vulnerability description
The vulnerability allows a remote authenticated user to read and manipulate data.
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
How to mitigate CVE-2011-2718
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
- http://osvdb.org/74111
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- http://secunia.com/advisories/45365
- http://secunia.com/advisories/45515
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
- http://www.openwall.com/lists/oss-security/2011/07/25/4
- http://www.openwall.com/lists/oss-security/2011/07/26/10
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
- http://www.securityfocus.com/bid/48874
- https://bugzilla.redhat.com/show_bug.cgi?id=725383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68768