Description
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0800)
Oracle Database Server CVE-2014-6545 Vulnerability (CVE-2014-6545)
PostgreSQL CVE-2024-10978 Vulnerability (CVE-2024-10978)
WordPress Plugin Mz-jajak 'id' Parameter SQL Injection (2.1)
Drupal Files or Directories Accessible to External Parties Vulnerability (CVE-2017-6922)