CVE-2011-2643

2011-08-0119:55:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-2643

directory traversal

vulnerability

phpmyadmin

remote attack

local files

mime-type transformation

nvd

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.3%

JSON

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

Affected configurations

NVD

Node

phpmyadminphpmyadminMatch3.4.0.0

phpmyadminphpmyadminMatch3.4.1.0

phpmyadminphpmyadminMatch3.4.2.0

phpmyadminphpmyadminMatch3.4.3.0

phpmyadminphpmyadminMatch3.4.3.1

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq3.4.0.0
phpmyadmin:phpmyadminphpmyadmineq3.4.1.0
phpmyadmin:phpmyadminphpmyadmineq3.4.2.0
phpmyadmin:phpmyadminphpmyadmineq3.4.3.0
phpmyadmin:phpmyadminphpmyadmineq3.4.3.1

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.0.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.1.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.2.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.3.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.3.1