Description
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
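A defensive check for the condition described above, as an added example that is not phpMyAdmin's or Apache's own code: it lists files in a SaveDir whose names carry a handler-mapped extension anywhere after the base name, such as `.php.sql`. The function names, the `HANDLER_EXTS` set and the sample file names are assumptions made for illustration; match the set to the extensions your Apache configuration actually maps to an interpreter.

```python
import os
import sys

# Assumption: extensions this server hands to an interpreter through
# mod_mime mappings. Adjust to match the real Apache configuration.
HANDLER_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# Constructed sample names, used only when no directory is given.
SAMPLE_NAMES = ["backup.sql", "dump.php.sql", "DB.PHP.sql.gz", "notes.txt"]


def handler_extensions(filename, handler_exts=HANDLER_EXTS):
    """Return every extension in `filename` that maps to a handler.

    mod_mime considers all dot-separated extensions after the base name,
    not only the last one, so "dump.php.sql" carries "php" and "sql".
    """
    parts = os.path.basename(filename).split(".")
    # parts[0] is the base name; everything after it is an extension.
    return [p.lower() for p in parts[1:] if p.lower() in handler_exts]


def audit_savedir(save_dir, handler_exts=HANDLER_EXTS):
    """Walk a SaveDir and return (path, matching extensions) per risky file."""
    findings = []
    for root, _dirs, files in os.walk(save_dir):
        for name in files:
            hits = handler_extensions(name, handler_exts)
            if hits:
                findings.append((os.path.join(root, name), hits))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_savedir(sys.argv[1])
    else:
        results = [(n, handler_extensions(n)) for n in SAMPLE_NAMES
                   if handler_extensions(n)]
    for path, hits in results:
        print(f"{path}: handler-mapped extension(s) {hits}")
```

Run it with the SaveDir path as the only argument; with no argument it evaluates the constructed sample names.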
Remediation
References
Related Vulnerabilities
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)
Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-8451)
Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2011-4912)
WordPress Plugin Improved Sale Badges for WooCommerce Security Bypass (4.3.2)
MediaWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-10960)