Description
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kimili Flash Embed Unspecified Vulnerability (2.2.1)
e107 Other Vulnerability (CVE-2003-1191)
Drupal Core 5.x Local File Inclusion (5.0 - 5.15)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Request Forgery (4.3.24)
WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities (1.0 - 2.5.1)