CVE-2004-1148 — Phpmyadmin vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 39.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJan 10

Latest updateApr 29

Description

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 2:2.6.1-rc1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 2:2.6.1-rc1-1+3

▶NVDphpmyadmin/phpmyadmin15 versions+14

🔴Vulnerability Details

GHSA

GHSA-9xhj-74j8-9gxq: phpMyAdmin before 2↗2022-04-29

▶

OSV

CVE-2004-1148: phpMyAdmin before 2↗2005-01-10

▶

📋Vendor Advisories

Debian

CVE-2004-1148: phpmyadmin - phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows re...↗2004

▶