Lucene search
HistoryNov 30, 2014 - 11:59 a.m.
CVE-2014-8959
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.016
Percentile
87.5%
Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.
Affected configurations
Node
opensuseopensuseMatch12.3
ORopensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
phpmyadminphpmyadminMatch4.0.0
ORphpmyadminphpmyadminMatch4.0.0rc2
ORphpmyadminphpmyadminMatch4.0.0rc3
ORphpmyadminphpmyadminMatch4.0.1
ORphpmyadminphpmyadminMatch4.0.2
ORphpmyadminphpmyadminMatch4.0.3
ORphpmyadminphpmyadminMatch4.0.4
ORphpmyadminphpmyadminMatch4.0.4.1
ORphpmyadminphpmyadminMatch4.0.4.2
ORphpmyadminphpmyadminMatch4.0.5
ORphpmyadminphpmyadminMatch4.0.6
ORphpmyadminphpmyadminMatch4.0.7
ORphpmyadminphpmyadminMatch4.0.8
ORphpmyadminphpmyadminMatch4.0.9
ORphpmyadminphpmyadminMatch4.0.10
ORphpmyadminphpmyadminMatch4.0.10.0
ORphpmyadminphpmyadminMatch4.0.10.1
ORphpmyadminphpmyadminMatch4.0.10.2
ORphpmyadminphpmyadminMatch4.0.10.3
ORphpmyadminphpmyadminMatch4.0.10.4
ORphpmyadminphpmyadminMatch4.0.10.5
ORphpmyadminphpmyadminMatch4.1.0
ORphpmyadminphpmyadminMatch4.1.1
ORphpmyadminphpmyadminMatch4.1.2
ORphpmyadminphpmyadminMatch4.1.3
ORphpmyadminphpmyadminMatch4.1.4
ORphpmyadminphpmyadminMatch4.1.5
ORphpmyadminphpmyadminMatch4.1.6
ORphpmyadminphpmyadminMatch4.1.7
ORphpmyadminphpmyadminMatch4.1.8
ORphpmyadminphpmyadminMatch4.1.9
ORphpmyadminphpmyadminMatch4.1.10
ORphpmyadminphpmyadminMatch4.1.11
ORphpmyadminphpmyadminMatch4.1.12
ORphpmyadminphpmyadminMatch4.1.13
ORphpmyadminphpmyadminMatch4.1.14
ORphpmyadminphpmyadminMatch4.1.14.1
ORphpmyadminphpmyadminMatch4.1.14.2
ORphpmyadminphpmyadminMatch4.1.14.3
ORphpmyadminphpmyadminMatch4.1.14.4
ORphpmyadminphpmyadminMatch4.1.14.5
ORphpmyadminphpmyadminMatch4.1.14.6
ORphpmyadminphpmyadminMatch4.2.0
ORphpmyadminphpmyadminMatch4.2.1
ORphpmyadminphpmyadminMatch4.2.2
ORphpmyadminphpmyadminMatch4.2.3
ORphpmyadminphpmyadminMatch4.2.4
ORphpmyadminphpmyadminMatch4.2.5
ORphpmyadminphpmyadminMatch4.2.6
ORphpmyadminphpmyadminMatch4.2.7
ORphpmyadminphpmyadminMatch4.2.7.1
ORphpmyadminphpmyadminMatch4.2.8
ORphpmyadminphpmyadminMatch4.2.8.1
ORphpmyadminphpmyadminMatch4.2.9
ORphpmyadminphpmyadminMatch4.2.10
ORphpmyadminphpmyadminMatch4.2.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opensuse | opensuse | 12.3 | cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.2 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.3 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 4.0.4 | cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-updates/2014-12/msg00017.html
www.mandriva.com/security/advisories?name=MDVSA-2014:228
www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
www.securityfocus.com/bid/71247
github.com/phpmyadmin/phpmyadmin/commit/80cd40b6687a6717860d345d6eb55bef2908e961
security.gentoo.org/glsa/201505-03
Related
ubuntucve
ubuntucve
CVE-2014-8959
2014-11-30 00:00:00
phpmyadmin
phpmyadmin
Local file inclusion vulnerability.
2014-11-20 00:00:00
debiancve
debiancve
CVE-2014-8959
2014-11-30 11:59:01
cve
cve
CVE-2014-8959
2014-11-30 11:59:01
seebug
seebug
phpMyAdmin 4.2.12 /gis_data_editor.php ๆฌๅฐๆไปถๅ
ๅซๆผๆด
2015-05-13 00:00:00
prion
prion
Directory traversal
2014-11-30 11:59:00
cvelist
cvelist
CVE-2014-8959
2014-11-30 11:00:00
openvas
openvas
phpMyAdmin Multiple Vulnerabilities (PMASA-2014-13, PMASA-2014-14) - Windows
2017-08-18 00:00:00
phpMyAdmin Multiple Vulnerabilities (PMASA-2014-13, PMASA-2014-14) - Linux
2017-08-18 00:00:00
Fedora Update for phpMyAdmin FEDORA-2014-15535
2014-12-02 00:00:00
typo3
typo3
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
2014-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.12-1.fc21
2014-12-06 10:15:11
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19
2014-12-01 18:58:07
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.12-1.fc20
2014-12-01 18:55:52
nessus
nessus
Fedora 20 : phpMyAdmin-4.2.12-1.fc20 (2014-15538)
2014-12-02 00:00:00
Fedora 21 : phpMyAdmin-4.2.12-1.fc21 (2014-15588)
2014-12-07 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1561-1)
2014-12-06 00:00:00
freebsd
freebsd
phpMyAdmin -- XSS and information disclosure vulnerabilities
2014-11-20 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerabilities
2014-11-26 20:29:06
securityvulns
securityvulns
[ MDVSA-2014:228 ] phpmyadmin
2014-12-01 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2015-05-31 00:00:00
osv
osv
phpMyAdmin-4.6.5.2-1.1 on GA media
2024-06-15 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.016
Percentile
87.5%
Related for NVD:CVE-2014-8959