National Cyber Awareness System

Vulnerability Summary for CVE-2011-2508

Overview

Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

Type: Advisory; Patch Information

Hyperlink:http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php

External Source: CONFIRM

Name: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7

Type: Patch Information

Hyperlink:http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=b434320eff8ca9c2fc1b043c1804f868341af9a7

External Source: MISC

Name: http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

Hyperlink:http://www.xxor.se/advisories/phpMyAdmin_3.x_Multiple_Remote_Code_Executions.txt

External Source: BUGTRAQ

Name: 20110707 phpMyAdmin 3.x Multiple Remote Code Executions

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/518804/100/0/threaded

External Source: OSVDB

Name: 73614

Hyperlink:http://www.osvdb.org/73614

External Source: MLIST

Name: [oss-security] 20110629 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/29/11

External Source: MLIST

Name: [oss-security] 20110628 Re: [Phpmyadmin-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/8

External Source: MLIST

Name: [oss-security] 20110628 Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/6

External Source: MLIST

Name: [oss-security] 20110628 CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities

Hyperlink:http://www.openwall.com/lists/oss-security/2011/06/28/2

External Source: MANDRIVA

Name: MDVSA-2011:124

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:124

External Source: DEBIAN

Name: DSA-2286

Hyperlink:http://www.debian.org/security/2011/dsa-2286

External Source: CONFIRM

Name: http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

Hyperlink:http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-008/

External Source: SREASON

Name: 8306

Hyperlink:http://securityreason.com/securityalert/8306

External Source: SECUNIA

Name: 45315

Hyperlink:http://secunia.com/advisories/45315

External Source: SECUNIA

Name: 45292

Hyperlink:http://secunia.com/advisories/45292

External Source: SECUNIA

Name: 45139

Type: Advisory

Hyperlink:http://secunia.com/advisories/45139

External Source: FEDORA

Name: FEDORA-2011-9144

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062719.html

External Source: MISC

Name: http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html

Hyperlink:http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html