FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2643

This CVE name corresponds to:

Entered: 2011-07-24
Topic: phpmyadmin -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2011-2643
Phase: Assigned (20110706)

Description

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

References

Source Reference
CONFIRM http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=725382
FEDORA FEDORA-2011-9725
FEDORA FEDORA-2011-9734
MANDRIVA MDVSA-2011:124
BID 48874
SECUNIA 45365
SECUNIA 45515
XF phpmyadmin-mimetype-file-include(68767)