FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1924

This CVE name corresponds to:

Entered Topic
2008-04-24 phpmyadmin -- Shared Host Information Disclosure

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1924
Phase Assigned (20080423)

Description

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

References

Source Reference
CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
DEBIAN DSA-1557
GENTOO GLSA-200805-02
MANDRIVA MDVSA-2008:131
SUSE SUSE-SR:2008:026
SUSE SUSE-SR:2009:003
BID 28906
VUPEN ADV-2008-1328
SECUNIA 29944
SECUNIA 29964
SECUNIA 30034
SECUNIA 30816
SECUNIA 32834
SECUNIA 33822
XF phpmyadmin-unspecified-info-disclosure(41964)