phpMyAdmin: multiple vulnerabilities

Package(s): phpMyAdmin
CVE #(s): CVE-2011-2643 CVE-2011-2718 CVE-2011-2719
Created: August 5, 2011
Updated: August 15, 2011
Description: From the CVE entries:

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. (CVE-2011-2643)

Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. (CVE-2011-2718)

libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. (CVE-2011-2719)

Alerts:
Gentoo 201201-01 phpmyadmin 2012-01-04
Mandriva MDVSA-2011:124 phpmyadmin 2011-08-14
Fedora FEDORA-2011-9734 phpMyAdmin 2011-07-26
Fedora FEDORA-2011-9725 phpMyAdmin 2011-07-26

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.