Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/45515 | third party advisory |
| http://secunia.com/advisories/45365 | third party advisory vendor advisory |
| http://osvdb.org/74111 | vdb entry |
| http://www.securityfocus.com/bid/48874 | vdb entry |
| http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:124 | vendor advisory |
| http://www.openwall.com/lists/oss-security/2011/07/26/10 | patch mailing list |
| https://bugzilla.redhat.com/show_bug.cgi?id=725383 | patch |
| http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php | patch vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68768 | vdb entry |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html | vendor advisory |
| http://www.openwall.com/lists/oss-security/2011/07/25/4 | patch mailing list |