oss-sec mailing list archives

Re: CVE request: phpmyadmin PMASA-2008-3

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Apr 2008 11:54:36 -0400 (EDT)


======================================================
Name: CVE-2008-1924
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running
on shared hosts, allows attackers with CREATE table permissions to
read arbitrary files via a crafted HTTP POST request, related to use
of an undefined UploadDir variable.

Current thread:

CVE request: phpmyadmin PMASA-2008-3 Hanno Böck (Apr 23)
- Re: CVE request: phpmyadmin PMASA-2008-3 Steven M. Christey (Apr 23)