CVE-2011-2643 — Path Traversal in Phpmyadmin

CWE-22 — Path Traversal7 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 40.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 1

Latest updateMay 17

Description

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.3.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.4.3.2-1+3

▶NVDphpmyadmin/phpmyadmin5 versions+4

Patches

Patch: www.phpmyadmin.net ↗Patch: bugzilla.redhat.com ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

GHSA-x95j-5m75-mq26: Directory traversal vulnerability in sql↗2022-05-17

▶

OSV

CVE-2011-2643: Directory traversal vulnerability in sql↗2011-08-01

▶

📋Vendor Advisories

Debian

CVE-2011-2643: phpmyadmin - Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2,...↗2011

▶

💬Community

Bugzilla

CVE-2011-2643 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion via a crafted MIME-type transformation parameter (PMASA-2011-10)↗2011-07-25

▶

Bugzilla

CVE-2011-2643 phpMyAdmin various flaws [epel-6]↗2011-07-25

▶

Bugzilla

CVE-2011-2642 CVE-2011-2643 phpMyAdmin various flaws [fedora-all]↗2011-07-25

▶