CVE-2011-2643

2011-08-0119:55:01

CWE-22

mitre

web.nvd.nist.gov

cve-2011-2643

directory traversal

vulnerability

phpmyadmin

remote attack

local files

mime-type transformation

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.026

Percentile

90.4%

JSON

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch3.4.0.0

phpmyadminphpmyadminMatch3.4.1.0

phpmyadminphpmyadminMatch3.4.2.0

phpmyadminphpmyadminMatch3.4.3.0

phpmyadminphpmyadminMatch3.4.3.1

VendorProductVersionCPE
phpmyadminphpmyadmin3.4.3.0cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0:::
phpmyadminphpmyadmin3.4.3.1cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1:::
phpmyadminphpmyadmin3.4.2.0cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:::
phpmyadminphpmyadmin3.4.1.0cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0:::
phpmyadminphpmyadmin3.4.0.0cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	3.4.3.0	cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0:::
phpmyadmin	phpmyadmin	3.4.3.1	cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1:::
phpmyadmin	phpmyadmin	3.4.2.0	cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0:::
phpmyadmin	phpmyadmin	3.4.1.0	cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0:::
phpmyadmin	phpmyadmin	3.4.0.0	cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0:::