Unrated severityNVD Advisory· Published Aug 1, 2011· Updated Apr 29, 2026

CVE-2011-2643

Description

Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

Affected products

PhpMyAdmin/phpMyAdmin5 versions
cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.phpmyadmin.net/home_page/security/PMASA-2011-10.phpnvdPatchVendor Advisory
bugzilla.redhat.com/show_bug.cginvdPatch
secunia.com/advisories/45365nvdVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.htmlnvd
phpmyadmin.git.sourceforge.net/git/gitweb.cginvd
secunia.com/advisories/45515nvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/bid/48874nvd
exchange.xforce.ibmcloud.com/vulnerabilities/68767nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000