CVE-2011-2718

critical

Description

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/68768

https://bugzilla.redhat.com/show_bug.cgi?id=725383

http://www.securityfocus.com/bid/48874

http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php

http://www.openwall.com/lists/oss-security/2011/07/26/10

http://www.openwall.com/lists/oss-security/2011/07/25/4

http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

http://secunia.com/advisories/45515

http://secunia.com/advisories/45365

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393

http://osvdb.org/74111

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html

Details

Source: Mitre, NVD

Published: 2011-08-01

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical