Announcement-ID: PMASA-2011-10
Date: 2011-07-23
Local file inclusion.
Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion.
We consider this vulnerability to be serious.
The phpMyAdmin's configuration storage mechanism must be configured for this attack to work.
Versions 3.4.0 to 3.4.3.1 are affected.
Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below.
This issue was found by Norman Hippert from The-Wildcat.de
Assigned CVE ids: CVE-2011-2643
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.