|Package(s):||phpMyAdmin||CVE #(s):||CVE-2011-2643 CVE-2011-2718 CVE-2011-2719|
|Created:||August 5, 2011||Updated:||August 15, 2011|
|Description:||From the CVE entries:
Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 126.96.36.199, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter. (CVE-2011-2643)
Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 188.8.131.52 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php. (CVE-2011-2718)
libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 184.108.40.206 and 3.4.x before 220.127.116.11 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505. (CVE-2011-2719)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds