Launchpad CVE tracker

CVE 2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

Related bugs and status

CVE-2008-1924 (Candidate) is related to these bugs:

Bug #227283: [phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising

		In	Importance	Status
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Hardy)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Intrepid)	High	Fix Released
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Dapper)	Undecided	Won't Fix
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Gutsy)	Undecided	Won't Fix
227283	[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising	phpmyadmin (Ubuntu Feisty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
SECUNIA: 29944
DEBIAN: DSA-1557
SECUNIA: 29964
BID: 28906
GENTOO: GLSA-200805-02
SECUNIA: 30034
MANDRIVA: MDVSA-2008:131
SECUNIA: 30816
SUSE: SUSE-SR:2008:026
SECUNIA: 32834
SUSE: SUSE-SR:2009:003
SECUNIA: 33822
VUPEN: ADV-2008-1328
XF: phpmyadmin-unspecified...

Launchpad.net

CVE 2008-1924

Related bugs and status

Related bugs

References