Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0129

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0129
Last Modified 05 Sep 2008 04:37:36
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0129

Summary

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

Vulnerable Systems

Application

  • Phpmyadmin 2.0

  • Phpmyadmin 2.0.1

  • Phpmyadmin 2.0.2

  • Phpmyadmin 2.0.3

  • Phpmyadmin 2.0.4

  • Phpmyadmin 2.0.5

  • Phpmyadmin 2.1

  • Phpmyadmin 2.1.1

  • Phpmyadmin 2.1.2

  • Phpmyadmin 2.2 Pre1

  • Phpmyadmin 2.2 Rc1

  • Phpmyadmin 2.2 Rc2

  • Phpmyadmin 2.2 Rc3

  • Phpmyadmin 2.2.2

  • Phpmyadmin 2.2.3

  • Phpmyadmin 2.2.4

  • Phpmyadmin 2.2.5

  • Phpmyadmin 2.2.6

  • Phpmyadmin 2.3.1

  • Phpmyadmin 2.3.2

  • Phpmyadmin 2.4.0

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2


References

BID - 9564

BUGTRAQ - 20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior

CONFIRM - http://www.phpmyadmin.net/home_page/relnotes.php?rel=0

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=350228

GENTOO - GLSA-200402-05

XF - phpmyadmin-dotdot-directory-traversal(15021)

OSVDB - 3800

SECUNIA - 10769


Last Updated: 27 May 2016 10:38:29