Lucene search

K

[email protected]NVD:CVE-2014-8961

HistoryNov 30, 2014 - 11:59 a.m.

CVE-2014-8961

2014-11-3011:59:03

CWE-22

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file’s line count via a crafted parameter.

Affected configurations

NVD

Node

phpmyadminphpmyadminMatch4.1.0

OR

phpmyadminphpmyadminMatch4.1.1

OR

phpmyadminphpmyadminMatch4.1.2

OR

phpmyadminphpmyadminMatch4.1.3

OR

phpmyadminphpmyadminMatch4.1.4

OR

phpmyadminphpmyadminMatch4.1.5

OR

phpmyadminphpmyadminMatch4.1.6

OR

phpmyadminphpmyadminMatch4.1.7

OR

phpmyadminphpmyadminMatch4.1.8

OR

phpmyadminphpmyadminMatch4.1.9

OR

phpmyadminphpmyadminMatch4.1.10

OR

phpmyadminphpmyadminMatch4.1.11

OR

phpmyadminphpmyadminMatch4.1.12

OR

phpmyadminphpmyadminMatch4.1.13

OR

phpmyadminphpmyadminMatch4.1.14

OR

phpmyadminphpmyadminMatch4.1.14.1

OR

phpmyadminphpmyadminMatch4.1.14.2

OR

phpmyadminphpmyadminMatch4.1.14.3

OR

phpmyadminphpmyadminMatch4.1.14.4

OR

phpmyadminphpmyadminMatch4.1.14.5

OR

phpmyadminphpmyadminMatch4.1.14.6

OR

phpmyadminphpmyadminMatch4.2.0

OR

phpmyadminphpmyadminMatch4.2.1

OR

phpmyadminphpmyadminMatch4.2.2

OR

phpmyadminphpmyadminMatch4.2.3

OR

phpmyadminphpmyadminMatch4.2.4

OR

phpmyadminphpmyadminMatch4.2.5

OR

phpmyadminphpmyadminMatch4.2.6

OR

phpmyadminphpmyadminMatch4.2.7.1

OR

phpmyadminphpmyadminMatch4.2.8

OR

phpmyadminphpmyadminMatch4.2.8.1

OR

phpmyadminphpmyadminMatch4.2.9

OR

phpmyadminphpmyadminMatch4.2.9.1

OR

phpmyadminphpmyadminMatch4.2.10.1

OR

phpmyadminphpmyadminMatch4.2.11

Node

opensuseopensuseMatch12.3

OR

opensuseopensuseMatch13.1

OR

opensuseopensuseMatch13.2

References

lists.opensuse.org/opensuse-updates/2014-12/msg00017.html

www.mandriva.com/security/advisories?name=MDVSA-2014:228

www.phpmyadmin.net/home_page/security/PMASA-2014-16.php

www.securityfocus.com/bid/71245

github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994

security.gentoo.org/glsa/201505-03

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.6%

Related for NVD:CVE-2014-8961

cve1 cvelist1 debiancve1 ubuntucve1 phpmyadmin1 prion1 openvas7 nessus8 fedora3 securityvulns2 freebsd1 mageia1 gentoo1