Candidate: CVE-2011-2643
PublicDate: 2011-08-01 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2643
 http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
Description:
 Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before
 3.4.3.2, when configuration storage is enabled, allows remote attackers to
 include and execute arbitrary local files via directory traversal sequences
 in a MIME-type transformation parameter.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=725382
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_phpmyadmin:
 upstream: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
upstream_phpmyadmin: released (3.4.3.2)
hardy_phpmyadmin: ignored (reached end-of-life)
lucid_phpmyadmin: ignored (reached end-of-life)
maverick_phpmyadmin: ignored (reached end-of-life)
natty_phpmyadmin: ignored (reached end-of-life)
oneiric_phpmyadmin: not-affected (4:3.4.3.2-1)
precise_phpmyadmin: not-affected (4:3.4.3.2-1)
quantal_phpmyadmin: not-affected (4:3.4.3.2-1)
raring_phpmyadmin: not-affected (4:3.4.3.2-1)
saucy_phpmyadmin: not-affected (4:3.4.3.2-1)
devel_phpmyadmin: not-affected (4:3.4.3.2-1)