CVE-2011-2718: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
References
- lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
- lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
- phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- www.openwall.com/lists/oss-security/2011/07/25/4
- www.openwall.com/lists/oss-security/2011/07/26/10
- www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
- bugzilla.redhat.com/show_bug.cgi?id=725383
- exchange.xforce.ibmcloud.com/vulnerabilities/68768
- github.com/advisories/GHSA-xhqq-554j-p4x8
- github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
- nvd.nist.gov/vuln/detail/CVE-2011-2718
- web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874
- web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
Code Behaviors & Features
Detect and mitigate CVE-2011-2718 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →