CVE-2011-2718
phpMyAdmin 3.4.x < 3.4.3.2 - Authenticated Path Traversal via Export Type Field
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
References (13)
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45515
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/45365
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/74111
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/48874
Product x_refsource_confirm
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/26/10
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=725383
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68768
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/25/4
Scores
EPSS
0.0100
EPSS Percentile
77.3%
Details
CWE
CWE-22
Status
published
Products (6)
phpmyadmin/phpmyadmin
3.4.0.0
phpmyadmin/phpmyadmin
3.4.1.0
phpmyadmin/phpmyadmin
3.4.2.0
phpmyadmin/phpmyadmin
3.4.3.0
phpmyadmin/phpmyadmin
3.4.3.1
phpmyadmin/phpmyadmin
3.4 - 3.4.3.2 (Packagist)
Published
Aug 01, 2011
Tracked Since
Feb 18, 2026