Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1148

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1148
Last Modified 10 Sep 2008 03:29:19
Published 10 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1148

Summary

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

Vulnerable Systems

Application

  • Phpmyadmin 2.4.0

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.7

  • Phpmyadmin 2.5.7 Pl1

  • Phpmyadmin 2.6.0 Pl1

  • Phpmyadmin 2.6.0 Pl2

  • Phpmyadmin 2.6.0 Pl3


References

XF - phpmyadmin-command-execute(18441)

MISC - http://www.exaprobe.com/labs/advisories/esa-2004-1213.html

BUGTRAQ - 20041213 Multiple vulnerabilities in phpMyAdmin


Last Updated: 27 May 2016 10:38:55