CVE-2008-5587
published 2008-12-16
CVE-2008-5587: Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read…
Priority P337 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 12.86% (95.8th percentile)
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phppgadmin | < phppgadmin 4.2.1-1.1 (forky) | phppgadmin 4.2.1-1.1 (forky) |
| phppgadmin | phppgadmin | <= 4.2.1 | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin_project | phppgadmin | >= 0 < 4.2.1-1.1 | 4.2.1-1.1 |
| phppgadmin_project | phppgadmin | >= 0 < 4.2.1-1.1 | 4.2.1-1.1 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:N
osv · 4.3 MEDIUM
vendor_debian · 4.3 LOW
vendor_redhat · 4.3 MEDIUM
GHSA
GHSA-v758-3cg3-fww7: Directory traversal vulnerability in libraries/lib
ghsa_unreviewed·2022-05-17
CVE-2008-5587 [MEDIUM] CWE-22 GHSA-v758-3cg3-fww7: Directory traversal vulnerability in libraries/lib
OSV
CVE-2008-5587: Directory traversal vulnerability in libraries/lib
osv·2008-12-16·CVSS 4.3
CVE-2008-5587 [MEDIUM] CVE-2008-5587: Directory traversal vulnerability in libraries/lib
Debian
CVE-2008-5587: phppgadmin - Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 a...
vendor_debian·2008·CVSS 4.3
CVE-2008-5587 [MEDIUM] CVE-2008-5587: phppgadmin - Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 a...
Scope: local
forky: resolved (fixed in 4.2.1-1.1)
sid: resolved (fixed in 4.2.1-1.1)
trixie: resolved (fixed in 4.2.1-1.1)
Red Hat
phpPgAdmin: directory traversal flaw in libraries/lib.inc.php
vendor_redhat·CVSS 4.3
CVE-2008-5587 [MEDIUM] phpPgAdmin: directory traversal flaw in libraries/lib.inc.php
No detection rules found.
Exploit-DB
phpPgAdmin 4.2.1 - '_language' Local File Inclusion
exploitdb·2008-12-06
CVE-2008-5587 phpPgAdmin 4.2.1 - '_language' Local File Inclusion
---
[ Discovered by dun \ dun[at]strcpy.pl ]
##################################################################
# [ phpPgAdmin 136)
#
# ...
# // Determine language file to import:
# // 1. Check for the language from a request var
# if (isset($_REQUEST['language']) && isset($appLangFiles[$_REQUEST['language']]))
# $_language = $_REQUEST['language'];
#
# // 2. Check for language session var
# if (!isset($_language) && isset($_SESSION['webdbLanguage']) && isset($appLangFiles[$_SESSION['webdbLanguage']])) {
# $_language = $_SESSION['webdbLanguage'];
# }
#
# // 3. Check for acceptable la
Nuclei
phpPgAdmin <=4.2.1 - Local File Inclusion
nuclei·CVSS 4.3
CVE-2008-5587 [MEDIUM] phpPgAdmin <=4.2.1 - Local File Inclusion
phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Template:
id: CVE-2008-5587
info:
  name: phpPgAdmin <=4.2.1 - Local File Inclusion
  author: dhiyaneshDK
  severity: medium
  description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server and potentially execute arbitrary code.
  remediation: |
    Upgrade phpPgAdmin to a version higher than
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
http://secunia.com/advisories/33014
http://secunia.com/advisories/33263
http://securityreason.com/securityalert/4737
http://www.debian.org/security/2008/dsa-1693
http://www.securityfocus.com/bid/32670
https://exchange.xforce.ibmcloud.com/vulnerabilities/47140
https://www.exploit-db.com/exploits/7363
Published: 2008-12-16