PRIOn knowledge basePRION:CVE-2011-2643

HistoryAug 01, 2011 - 7:55 p.m.

Directory traversal

2011-08-0119:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.3%

JSON

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

CPENameOperatorVersion
phpmyadmineq3.4.0.0
phpmyadmineq3.4.3.1
phpmyadmineq3.4.1.0
phpmyadmineq3.4.2.0
phpmyadmineq3.4.3.0

Name	Operator	Version
phpmyadmin	eq	3.4.0.0
phpmyadmin	eq	3.4.3.1
phpmyadmin	eq	3.4.1.0
phpmyadmin	eq	3.4.2.0
phpmyadmin	eq	3.4.3.0

References

phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c

secunia.com/advisories/45365

secunia.com/advisories/45515

www.mandriva.com/security/advisories?name=MDVSA-2011:124

www.securityfocus.com/bid/48874

bugzilla.redhat.com/show_bug.cgi?id=725382

exchange.xforce.ibmcloud.com/vulnerabilities/68767

lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html

lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html

www.phpmyadmin.net/home_page/security/PMASA-2011-10.php

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.3%

JSON

Related for PRION:CVE-2011-2643