GoogleOSV:GHSA-XHQQ-554J-P4X8phpMyAdmin Directory Traversal Vulnerability
7 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.5%
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
References
lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
www.openwall.com/lists/oss-security/2011/07/25/4
www.openwall.com/lists/oss-security/2011/07/26/10
www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
bugzilla.redhat.com/show_bug.cgi?id=725383
exchange.xforce.ibmcloud.com/vulnerabilities/68768
github.com/phpmyadmin/composer
github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
nvd.nist.gov/vuln/detail/CVE-2011-2718
web.archive.org/web/20120111084137/www.securityfocus.com/bid/48874
web.archive.org/web/20121105034518/www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
Related
7 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.5%