CVE-2011-2643
phpMyAdmin 3.4.x < 3.4.3.2 - Remote File Inclusion via MIME-Type Transformation Parameter
Title source: llmDescription
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.
References (10)
Core 10
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45515
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45365
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48874
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68767
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=725382
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
Scores
EPSS
0.0038
EPSS Percentile
59.8%
Details
CWE
CWE-22
Status
published
Products (5)
phpmyadmin/phpmyadmin
3.4.0.0
phpmyadmin/phpmyadmin
3.4.1.0
phpmyadmin/phpmyadmin
3.4.2.0
phpmyadmin/phpmyadmin
3.4.3.0
phpmyadmin/phpmyadmin
3.4.3.1
Published
Aug 01, 2011
Tracked Since
Feb 18, 2026