logo

Database

Lack of data validation - Path Traversal In phpmyadmin/phpmyadmin

Description

phpMyAdmin Directory Traversal Vulnerability Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2011-27182. NVD-2011-27183. OSV-2011-27184. OSV-DEBIAN-2011-27185. GCVE-2011-27186. SECURITY-TRACKER-CVE-2011-2718

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d43932. https://bugzilla.redhat.com/show_bug.cgi?id=7253833. https://exchange.xforce.ibmcloud.com/vulnerabilities/687684. https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/488745. https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:1246. http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html7. http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html8. http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d43939. http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d439310. http://www.openwall.com/lists/oss-security/2011/07/25/411. http://www.openwall.com/lists/oss-security/2011/07/26/1012. http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.