CVE-2011-2508 — Path Traversal in Phpmyadmin

CWE-22 — Path Traversal5 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

11.2%

top 6.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 14

Latest updateMay 14

Description

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.3.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.3.0 — 3.3.10.2+1

▶Debianphpmyadmin/phpmyadmin< 4:3.4.3.1-1+3

▶NVDphpmyadmin/phpmyadmin34 versions+33

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin Directory Traversal vulnerability↗2022-05-14

▶

OSV

phpMyAdmin Directory Traversal vulnerability↗2022-05-14

▶

OSV

CVE-2011-2508: Directory traversal vulnerability in libraries/display_tbl↗2011-07-14

▶

📋Vendor Advisories

Debian

CVE-2011-2508: phpmyadmin - Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin...↗2011

▶