1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
Candidate: CVE-2011-2643
PublicDate: 2011-08-01
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2643
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
Description:
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before
3.4.3.2, when configuration storage is enabled, allows remote attackers to
include and execute arbitrary local files via directory traversal sequences
in a MIME-type transformation parameter.
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=725382
Priority: medium
Discovered-by:
Assigned-to:
Patches_phpmyadmin:
upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
upstream_phpmyadmin: released (3.4.3.2)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
maverick_phpmyadmin: ignored (reached end-of-life)
natty_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: not-affected (4:3.4.3.2-1)
precise_phpmyadmin: not-affected (4:3.4.3.2-1)
quantal_phpmyadmin: not-affected (4:3.4.3.2-1)
raring_phpmyadmin: not-affected (4:3.4.3.2-1)
saucy_phpmyadmin: not-affected (4:3.4.3.2-1)
devel_phpmyadmin: not-affected (4:3.4.3.2-1)
|