CVE-2011-2718 — Path Traversal in Phpmyadmin

CWE-22 — Path Traversal6 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

1.0%

top 22.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 1

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.3.2-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.4 — 3.4.3.2

▶Debianphpmyadmin/phpmyadmin< 4:3.4.3.2-1+3

▶NVDphpmyadmin/phpmyadmin5 versions+4

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

OSV

phpMyAdmin Directory Traversal Vulnerability↗2022-05-17

▶

GHSA

phpMyAdmin Directory Traversal Vulnerability↗2022-05-17

▶

OSV

CVE-2011-2718: Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3↗2011-08-01

▶

📋Vendor Advisories

Debian

CVE-2011-2718: phpmyadmin - Multiple directory traversal vulnerabilities in the relational schema implementa...↗2011

▶

💬Community

Bugzilla

CVE-2011-2718 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion and code execution in 'relational schema' code (PMASA-2011-11)↗2011-07-25

▶