Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5587 — Path Traversal in Phppgadmin

CWE-22 — Path Traversal8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

2.3%

top 15.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phppgadmin Project Phppgadmin Debian Phppgadmin Phppgadmin

Timeline

PublishedDec 16

Latest updateMay 17

Description

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phppgadmin< phppgadmin 4.2.1-1.1 (forky)

▶Debianphppgadmin_project/phppgadmin< 4.2.1-1.1+1

▶NVDphppgadmin/phppgadmin4.2.1+8

🔴Vulnerability Details

GHSA

GHSA-v758-3cg3-fww7: Directory traversal vulnerability in libraries/lib↗2022-05-17

▶

OSV

CVE-2008-5587: Directory traversal vulnerability in libraries/lib↗2008-12-16

▶

💥Exploits & PoCs

Exploit-DB

phpPgAdmin 4.2.1 - '_language' Local File Inclusion↗2008-12-06

▶

Nuclei

phpPgAdmin <=4.2.1 - Local File Inclusion

▶

📋Vendor Advisories

Debian

CVE-2008-5587: phppgadmin - Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 a...↗2008

▶

Red Hat

phpPgAdmin: directory traversal flaw in libraries/lib.inc.php↗

▶

💬Community

Bugzilla

CVE-2008-5587 phpPgAdmin: directory traversal flaw in libraries/lib.inc.php↗2008-12-17

▶