VDB
CVE-2008-1924
CVE-2008-1924
PUBLISHED
CVSS 3.5 LOW
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
EPSS 0.20% · 42.0th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.20%
42.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| phpmyadmin | phpmyadmin | 0, 2.10.0.2, 2.10.1 |
Timeline
- Apr 23, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- SUSE-SR:2009:003 vendor-advisory
- 28906 vdb
- GLSA-200805-02 vendor-advisory
- DSA-1557 vendor-advisory
- 32834 third-party-advisory
- 29964 third-party-advisory
- 30816 third-party-advisory
- phpmyadmin-unspecified-info-disclosure(41964) vdb
- 33822 third-party-advisory
- 29944 third-party-advisory
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3 url
- 30034 third-party-advisory
- ADV-2008-1328 vdb
- SUSE-SR:2008:026 vendor-advisory
- MDVSA-2008:131 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-1924 advisory