CVE-2011-2508

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 3.x prior to 3.3.10.2 phpMyAdmin versions 3.4.x prior to 3.4.3.1

Description The issue allows remote authenticated users to include and execute arbitrary local files. This is possible when a certain MIME transformation feature is enabled. The vulnerability can be exploited via a .. (dot dot) in a GLOBALS[mime map][$meta->name][transformation] parameter.

Recommendations For phpMyAdmin versions 3.x prior to 3.3.10.2, update to version 3.3.10.2 or later. For phpMyAdmin versions 3.4.x prior to 3.4.3.1, update to version 3.4.3.1 or later. As a temporary workaround, consider disabling the MIME transformation feature until a patch is available.