Search for vulnerabilities
Vulnerability details: VCID-4q2p-urvd-xbg9
Vulnerability ID VCID-4q2p-urvd-xbg9
Aliases CVE-2011-2718
GHSA-xhqq-554j-p4x8
Summary phpMyAdmin Directory Traversal Vulnerability Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) `libraries/schema/User_Schema.class.php` and (2) `schema_export.php`.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
generic_textual MODERATE http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
generic_textual MODERATE http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2011-2718
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=725383
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/68768
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xhqq-554j-p4x8
generic_textual MODERATE https://github.com/phpmyadmin/composer
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-2718
generic_textual MODERATE https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874
generic_textual MODERATE https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/07/25/4
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/07/26/10
generic_textual MODERATE http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
https://api.first.org/data/v1/epss?cve=CVE-2011-2718
https://bugzilla.redhat.com/show_bug.cgi?id=725383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2718
https://exchange.xforce.ibmcloud.com/vulnerabilities/68768
https://github.com/phpmyadmin/composer
https://github.com/phpmyadmin/phpmyadmin/commit/3ae58f0cd6b89ad4767920f9b214c38d3f6d4393
https://nvd.nist.gov/vuln/detail/CVE-2011-2718
https://web.archive.org/web/20120111084137/http://www.securityfocus.com/bid/48874
https://web.archive.org/web/20121105034518/http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2011:124
http://www.openwall.com/lists/oss-security/2011/07/25/4
http://www.openwall.com/lists/oss-security/2011/07/26/10
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
GHSA-xhqq-554j-p4x8 https://github.com/advisories/GHSA-xhqq-554j-p4x8
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76082
EPSS Score 0.01003
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:08:23.105450+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xhqq-554j-p4x8/GHSA-xhqq-554j-p4x8.json 37.0.0