Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5587

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5587
Last Modified 15 May 2014 11:22:42
Published 16 Dec 2008 02:07:31
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5587

Summary

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

Vulnerable Systems

Application

  • Phppgadmin 2.2

  • Phppgadmin 2.2.1

  • Phppgadmin 3.1

  • Phppgadmin 3.4.1

  • Phppgadmin 3.5

  • Phppgadmin 3.5.2

  • Phppgadmin 3.5.3

  • Phppgadmin 4.1.1

  • Phppgadmin 4.2.1


References

XF - phppgadmin-index-file-include(47140)

BID - 32670

MILW0RM - 7363

DEBIAN - DSA-1693

SREASON - 4737

SECUNIA - 33263

SECUNIA - 33014

SUSE - SUSE-SR:2009:004

SUSE - openSUSE-SU-2012:0493


Last Updated: 27 May 2016 11:05:16