CVE-2011-2643
EPSS 0.38%
Description
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.
How to fix CVE-2011-2643
To remediate CVE-2011-2643, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:3.4.3.2-1 or later
Is CVE-2011-2643 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4:3.4.3.2-1