CVE-2011-2718: Path Traversal
First published: Mon Jul 25 2011(Updated: )
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) `libraries/schema/User_Schema.class.php` and (2) `schema_export.php`.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/phpmyadmin/phpmyadmin | >=3.4<3.4.3.2 | 3.4.3.2 |
| phpMyAdmin phpMyAdmin | =3.4.0.0 | |
| phpMyAdmin phpMyAdmin | =3.4.1.0 | |
| phpMyAdmin phpMyAdmin | =3.4.2.0 | |
| phpMyAdmin phpMyAdmin | =3.4.3.0 | |
| phpMyAdmin phpMyAdmin | =3.4.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2011-2718
- https://bugzilla.redhat.com/show_bug.cgi?id=725383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68768
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- http://www.openwall.com/lists/oss-security/2011/07/25/4
- http://www.openwall.com/lists/oss-security/2011/07/26/10
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874
- https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
- https://github.com/advisories/GHSA-xhqq-554j-p4x8 (Advisory)
- http://osvdb.org/74111
- http://secunia.com/advisories/45365
- http://secunia.com/advisories/45515
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
- http://www.securityfocus.com/bid/48874
- http://www.phpmyadmin.net/home_page/news.php
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=725385
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=725386
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2718
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-xhqq-554j-p4x8
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/event
- agent/softwarecombine
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpmyadmin
- canonical/phpmyadmin phpmyadmin
- version/phpmyadmin phpmyadmin/3.4.0.0
- version/phpmyadmin phpmyadmin/3.4.3.1
- version/phpmyadmin phpmyadmin/3.4.1.0
- version/phpmyadmin phpmyadmin/3.4.2.0
- version/phpmyadmin phpmyadmin/3.4.3.0
- package-manager/composer