Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0129 — Path Traversal in Phpmyadmin

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

13.3%

top 5.81%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMar 3

Latest updateApr 29

Description

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 2:2.6.0-pl2 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 2:2.6.0-pl2+3

▶NVDphpmyadmin/phpmyadmin29 versions+28

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f766-fjw3-vvfv: Directory traversal vulnerability in export↗2022-04-29

▶

OSV

CVE-2004-0129: Directory traversal vulnerability in export↗2004-03-03

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin 2.x - 'Export.php' File Disclosure↗2004-02-03

▶

📋Vendor Advisories

Debian

CVE-2004-0129: phpmyadmin - Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier ...↗2004

▶