Bug 725383 (CVE-2011-2718, PMASA-2011-11) - CVE-2011-2718 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion and code execution in 'relational schema' code (PMASA-2011-11)
Summary: CVE-2011-2718 phpMyAdmin: v3.3.10.3, v3.4.3.2: Local file inclusion and code ...
Alias: CVE-2011-2718, PMASA-2011-11
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: public=20110723,reported=20110724,sou...
Keywords: Security
Depends On: 725385 725386
TreeView+ depends on / blocked
Reported: 2011-07-25 10:58 UTC by Jan Lieskovsky
Modified: 2015-07-31 06:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-07-19 15:48:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jan Lieskovsky 2011-07-25 10:58:29 UTC
A local file inclusion and arbitrary SQL code execution flaws were found in the way phpMyAdmin, the MySQL over WWW administration tool, performed 'export_type' sanitization, when retrieving and verifying relation schema export options. A local attacker could use this flaw to obtain security sensitive information or, potentially, execute arbitrary SQL code with the privileges of the user running the query.

[1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
[2] http://www.phpmyadmin.net/home_page/news.php

Upstream patches:
[3] http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393

Further flaw exploitation note:
An attacker must be logged in via phpMyAdmin to exploit this problem. 

Affected versions:
Versions 3.4.0 to are affected.

Comment 1 Jan Lieskovsky 2011-07-25 11:00:38 UTC
This issue affects the versions of the phpMyAdmin package, as shipped with
Fedora release of 14 and 15.

Please schedule an update.


This issue affects the version of the phpMyAdmin package, as present within
EPEL-6 repository.

Please schedule an update.


This issue did NOT affect the versions of the phpMyAdmin package, as present
within EPEL-4 and EPEL-5 repositories.

Comment 2 Jan Lieskovsky 2011-07-25 11:04:51 UTC
Created phpMyAdmin tracking bugs for this issue

Affects: fedora-all [bug 725385]
Affects: epel-6 [bug 725386]

Comment 3 Jan Lieskovsky 2011-07-25 11:15:31 UTC
CVE Request:
[4] http://www.openwall.com/lists/oss-security/2011/07/25/4

Comment 4 Vincent Danen 2011-07-26 20:02:30 UTC
This has been assigned the name CVE-2011-2718:


Note You need to log in before you can comment on or make changes to this bug.