CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score confidence: High
EPSS percentile: 82.8%

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

Vendor | Product | Version | CPE |
---|---|---|---|
phpmyadmin | phpmyadmin | * | cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
www.openwall.com/lists/oss-security/2011/07/25/4
www.openwall.com/lists/oss-security/2011/07/26/10
www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
bugzilla.redhat.com/show_bug.cgi?id=725383
exchange.xforce.ibmcloud.com/vulnerabilities/68768
github.com/advisories/GHSA-xhqq-554j-p4x8
github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
nvd.nist.gov/vuln/detail/CVE-2011-2718
web.archive.org/web/20120111084137/www.securityfocus.com/bid/48874
web.archive.org/web/20121105034518/www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124