Lucene search

[email protected]NVD:CVE-2011-2508

HistoryJul 14, 2011 - 11:55 p.m.

CVE-2011-2508

2011-07-1423:55:05

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.22

Percentile

96.5%

JSON

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a … (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch3.0.0

phpmyadminphpmyadminMatch3.0.0alpha

phpmyadminphpmyadminMatch3.0.0beta

phpmyadminphpmyadminMatch3.0.0rc1

phpmyadminphpmyadminMatch3.0.1

phpmyadminphpmyadminMatch3.0.1rc1

phpmyadminphpmyadminMatch3.0.1.1

phpmyadminphpmyadminMatch3.1.0

phpmyadminphpmyadminMatch3.1.0beta1

phpmyadminphpmyadminMatch3.1.1

phpmyadminphpmyadminMatch3.1.1rc1

phpmyadminphpmyadminMatch3.1.2

phpmyadminphpmyadminMatch3.1.2rc1

phpmyadminphpmyadminMatch3.1.3

phpmyadminphpmyadminMatch3.1.3rc1

phpmyadminphpmyadminMatch3.1.3.1

phpmyadminphpmyadminMatch3.1.3.2

phpmyadminphpmyadminMatch3.1.4

phpmyadminphpmyadminMatch3.1.4rc2

phpmyadminphpmyadminMatch3.1.5

phpmyadminphpmyadminMatch3.1.5rc1

phpmyadminphpmyadminMatch3.2.0

phpmyadminphpmyadminMatch3.2.0beta1

phpmyadminphpmyadminMatch3.2.0rc1

phpmyadminphpmyadminMatch3.2.1

phpmyadminphpmyadminMatch3.2.1rc1

phpmyadminphpmyadminMatch3.2.2

phpmyadminphpmyadminMatch3.2.2rc1

phpmyadminphpmyadminMatch3.3.0.0

phpmyadminphpmyadminMatch3.3.1.0

phpmyadminphpmyadminMatch3.3.2.0

phpmyadminphpmyadminMatch3.3.3.0

phpmyadminphpmyadminMatch3.3.4.0

phpmyadminphpmyadminMatch3.3.5.0

phpmyadminphpmyadminMatch3.3.5.1

phpmyadminphpmyadminMatch3.3.6

phpmyadminphpmyadminMatch3.3.7

phpmyadminphpmyadminMatch3.3.8

phpmyadminphpmyadminMatch3.3.8.1

phpmyadminphpmyadminMatch3.3.9.0

phpmyadminphpmyadminMatch3.3.9.1

phpmyadminphpmyadminMatch3.3.9.2

phpmyadminphpmyadminMatch3.3.10.0

phpmyadminphpmyadminMatch3.3.10.1

Node

phpmyadminphpmyadminMatch3.4.0.0

phpmyadminphpmyadminMatch3.4.1.0

phpmyadminphpmyadminMatch3.4.2.0

phpmyadminphpmyadminMatch3.4.3.0

References

ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=b434320eff8ca9c2fc1b043c1804f868341af9a7

secunia.com/advisories/45139

secunia.com/advisories/45292

secunia.com/advisories/45315

securityreason.com/securityalert/8306

typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

www.debian.org/security/2011/dsa-2286

www.mandriva.com/security/advisories?name=MDVSA-2011:124

www.openwall.com/lists/oss-security/2011/06/28/2

www.openwall.com/lists/oss-security/2011/06/28/6

www.openwall.com/lists/oss-security/2011/06/28/8

www.openwall.com/lists/oss-security/2011/06/29/11

www.osvdb.org/73614

www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

www.securityfocus.com/archive/1/518804/100/0/threaded

www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.22

Percentile

96.5%

JSON

Related for NVD:CVE-2011-2508

phpmyadmin1 ubuntucve1 cve1 debiancve1 prion1 cvelist1 openvas10 securityvulns3 nessus5 packetstorm1 seebug2 freebsd1 osv1 debian1 gentoo1