Announcement-ID: PMASA-2011-11
Date: 2011-07-23
Local file inclusion vulnerability and code execution.
In the 'relational schema' code, a parameter was not sanitized before being concatenated into a class name.
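The bug class described above, shown as an added example that is not phpMyAdmin's code or the actual patch: a request value concatenated into a class name next to a hardened resolver that treats the value only as a lookup key. All class, function and path names are hypothetical, and the assumption that the same value also builds the path of the file to include is this example's, not the advisory's.

```php
<?php
// Added illustration; every name here is hypothetical, not taken from phpMyAdmin.

// Stand-ins for per-format export classes.
class Demo_Pdf_Schema {}
class Demo_Svg_Schema {}

// Vulnerable pattern: the request value flows unchecked into a class name
// and (assumed here) into the path of the file included to load that class.
function unsafeTarget(string $type): array
{
    $class = 'Demo_' . ucfirst($type) . '_Schema';
    $file  = './schema/' . ucfirst($type) . '_Schema.class.php';
    return [$class, $file]; // a caller would include $file, then instantiate $class
}

// Hardened pattern: the request value is only a key into a fixed map, so it
// can never contribute characters to a class name or a file path.
function safeClass(string $type): string
{
    static $allowed = [
        'pdf' => 'Demo_Pdf_Schema',
        'svg' => 'Demo_Svg_Schema',
    ];
    if (!isset($allowed[$type])) {
        throw new InvalidArgumentException('Unsupported export type');
    }
    return $allowed[$type];
}

// Constructed sample inputs: two valid types, one containing path
// separators, and one that differs from a valid key only in case.
foreach (['pdf', 'svg', '../other/file', 'Pdf'] as $input) {
    [$class, $file] = unsafeTarget($input);
    printf("input=%-14s unsafe include path: %s\n", $input, $file);
    try {
        $cls = safeClass($input);
        $obj = new $cls();
        printf("  allowlist -> %s\n", get_class($obj));
    } catch (InvalidArgumentException $e) {
        printf("  allowlist -> rejected (%s)\n", $e->getMessage());
    }
}
```

The allowlist is deliberately exact-match: normalising case or stripping characters before the lookup reintroduces input-dependent behaviour that the map is meant to remove.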
We consider this vulnerability to be critical.
An attacker must be logged in via phpMyAdmin to exploit this problem.
Versions 3.4.0 to 3.4.3.1 are affected.
Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below.
This issue was found by Norman Hippert from The-Wildcat.de
Assigned CVE ids: CVE-2011-2718
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.