Description
Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.
Remediation
References
Related Vulnerabilities
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493)
PHP Other Vulnerability (CVE-2006-1017)
WordPress Plugin Hide My WP Cross-Site Scripting (4.53)
WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)