CVE-2014-8959: Path Traversal in phpMyAdmin

CWE-22: Path Traversal | 10 documents | 5 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 2.8% (top 13.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 30 | Latest update May 14

Description

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (4 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:4.2.12-1 (bookworm)
Debian | phpmyadmin/phpmyadmin | < 4:4.2.12-1 (+3)
NVD | phpmyadmin/phpmyadmin | 54 versions (+53)
NVD | opensuse/opensuse | 12.3, 13.1, 13.2 (+2)

🔴 Vulnerability Details (2)

GHSA | GHSA-hvw8-56v7-x24q: Directory traversal vulnerability in libraries/gis/GIS_Factory | 2022-05-14
OSV | CVE-2014-8959: Directory traversal vulnerability in libraries/gis/GIS_Factory | 2014-11-30

📋 Vendor Advisories (1)

Debian | CVE-2014-8959: phpmyadmin - Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the ... | 2014

💬 Community (5)

Bugzilla | CVE-2014-8959 phpMyAdmin4: phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) [epel-5] | 2014-11-21
Bugzilla | CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) [fedora-all] | 2014-11-21
Bugzilla | CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) | 2014-11-21
Bugzilla | CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) [epel-7] | 2014-11-21
Bugzilla | CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) [epel-6] | 2014-11-21