CVE-2008-7252: Insecure Temporary File in phpMyAdmin

Severity: 10.0 CRITICAL (NVD)
EPSS: 3.0% (top 13.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 19
Latest update: May 17

Description

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (4 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:3.0.0-1 (bookworm)
Packagist | phpmyadmin/phpmyadmin | 2.11.0 | 2.11.10
Debian | phpmyadmin/phpmyadmin | < 4:3.0.0-1 | +3
NVD | phpmyadmin/phpmyadmin | 38 versions | +37

Patches

Vulnerability Details (3)

GHSA | phpMyAdmin unsafely handles temporary files | 2022-05-17
OSV | phpMyAdmin unsafely handles temporary files | 2022-05-17
OSV | CVE-2008-7252: libraries/File | 2010-01-19

Vendor Advisories (2)

Red Hat | phpMyAdmin 2.x multiple vulnerabilities | 2010-01-15
Debian | CVE-2008-7252: phpmyadmin - libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable fi... | 2008

Community (1)

Bugzilla | CVE-2008-7251 CVE-2008-7252 CVE-2009-4605 phpMyAdmin 2.x multiple vulnerabilities | 2010-01-20