CVE-2011-2718

2011-08-0119:55:01

CWE-22

[email protected]

web.nvd.nist.gov

cve-2011-2718

directory traversal

vulnerability

phpmyadmin

nvd

security

6.5 Medium

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

Affected configurations

NVD

Node

phpmyadminphpmyadminMatch3.4.0.0

phpmyadminphpmyadminMatch3.4.1.0

phpmyadminphpmyadminMatch3.4.2.0

phpmyadminphpmyadminMatch3.4.3.0

phpmyadminphpmyadminMatch3.4.3.1

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq3.4.0.0
phpmyadmin:phpmyadminphpmyadmineq3.4.1.0
phpmyadmin:phpmyadminphpmyadmineq3.4.2.0
phpmyadmin:phpmyadminphpmyadmineq3.4.3.0
phpmyadmin:phpmyadminphpmyadmineq3.4.3.1

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.0.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.1.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.2.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.3.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.4.3.1