Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1924

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-1924
Last Modified 12 Apr 2011 12:00:00
Published 23 Apr 2008 12:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-1924

Summary

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

Vulnerable Systems

Application

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3rc1

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.0beta1

  • Phpmyadmin 2.11.0rc1

  • Phpmyadmin 2.11.1

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.1rc1

  • Phpmyadmin 2.11.2

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3

  • Phpmyadmin 2.11.3rc1

  • Phpmyadmin 2.11.4

  • Phpmyadmin 2.11.4rc1

  • Phpmyadmin 2.11.5

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.6rc1


References

BID - 28906

XF - phpmyadmin-unspecified-info-disclosure(41964)

VUPEN - ADV-2008-1328

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3

MANDRIVA - MDVSA-2008:131

DEBIAN - DSA-1557

GENTOO - GLSA-200805-02

SECUNIA - 33822

SECUNIA - 32834

SECUNIA - 30816

SECUNIA - 30034

SECUNIA - 29964

SECUNIA - 29944

SUSE - SUSE-SR:2009:003

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:47:42