oss-sec mailing list archives
Re: CVE request: phpmyadmin PMASA-2008-3
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Apr 2008 11:54:36 -0400 (EDT)
====================================================== Name: CVE-2008-1924 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924 Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3 Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows attackers with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
Current thread:
- CVE request: phpmyadmin PMASA-2008-3 Hanno Böck (Apr 23)
- Re: CVE request: phpmyadmin PMASA-2008-3 Steven M. Christey (Apr 23)