mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
875 B
875 B
CVE-2011-2508
Description
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
POC
Reference
- http://ha.xxor.se/2011/07/phpmyadmin-3x-multiple-remote-code.html
- http://securityreason.com/securityalert/8306
Github
No PoCs found on GitHub currently.