CVE-2008-1924

2008-04-2316:05:00

CWE-200

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

nvd

phpmyadmin

vulnerability

remote authenticated

http

post request

5.9 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.8%

JSON

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq2.10.3rc1
phpmyadmin:phpmyadminphpmyadmineq2.11.4
phpmyadmin:phpmyadminphpmyadmineq2.11.0rc1
phpmyadmin:phpmyadminphpmyadmineq2.11.1.2
phpmyadmin:phpmyadminphpmyadmineq2.11.3rc1
phpmyadmin:phpmyadminphpmyadmineq2.11.1
phpmyadmin:phpmyadminphpmyadmineq2.10.0.1
phpmyadmin:phpmyadminphpmyadmineq2.11.6rc1
phpmyadmin:phpmyadminphpmyadmineq2.10.2
phpmyadmin:phpmyadminphpmyadmineq2.11.1rc1

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.10.3rc1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.4
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.0rc1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.1.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.3rc1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.10.0.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.6rc1
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.10.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	2.11.1rc1