CVE-2011-2718 — phpMyAdmin Directory Traversal Vulnerability

Description

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

How to fix CVE-2011-2718

To remediate CVE-2011-2718, upgrade the affected package to a fixed version below.

Debian/phpmyadmin—upgrade to 4:3.4.3.2-1 or later
Packagist/phpmyadmin/phpmyadmin—upgrade to 3.4.3.2 or later

Is CVE-2011-2718 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4:3.4.3.2-1
>= 3.4, < 3.4.3.2

References (15)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2011-2718
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-2718
PATCHgithub.com/phpmyadmin/composer
WEBlists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html