CVE-2008-1924 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 61.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedApr 23

Latest updateMay 1

Description

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.5.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.5.2-1+3

▶NVDphpmyadmin/phpmyadmin2.11.5.1+23

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pfxq-3wfw-4c7m: Unspecified vulnerability in phpMyAdmin before 2↗2022-05-01

▶

OSV

CVE-2008-1924: Unspecified vulnerability in phpMyAdmin before 2↗2008-04-23

▶

📋Vendor Advisories

Debian

CVE-2008-1924: phpmyadmin - Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared ...↗2008

▶

Red Hat

phpMyAdmin: Permission/information leak to access with apache rights↗

▶