FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2508

This CVE name corresponds to:

Entered: 2011-07-03
Topic: phpmyadmin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-2508
Phase: Assigned (20110615)

Description

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

References

Source Reference
BUGTRAQ 20110707 phpMyAdmin 3.x Multiple Remote Code Executions
MLIST [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MLIST [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities
MISC http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
MISC http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt
CONFIRM http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7
CONFIRM http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
DEBIAN DSA-2286
FEDORA FEDORA-2011-9144
MANDRIVA MDVSA-2011:124
OSVDB 73614
SECUNIA 45139
SECUNIA 45292
SECUNIA 45315
SREASON 8306