Vulnerabilidad en una variable UploadDir en hosts compartidos en phpMyAdmin. (CVE-2008-1924)
Gravedad CVSS v2.0:
BAJA
Tipo:
CWE-200
Revelación de información
Fecha de publicación:
23/04/2008
Última modificación:
09/04/2025
Descripción
Una vulnerabilidad no especificada en phpMyAdmin versiones anteriores a 2.11.5.2, cuando se ejecuta en hosts compartidos, permite a los usuarios autenticados remotos con permisos de tabla CREATE leer archivos arbitrarios por medio de una petición POST de HTTP diseñada, relacionada con el uso de una variable UploadDir indefinida.
Impacto
Puntuación base 2.0
3.50
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* | 2.11.5.1 (incluyendo) | |
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.10.3rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0beta1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0rc1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1rc1:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://secunia.com/advisories/29944
- http://secunia.com/advisories/29964
- http://secunia.com/advisories/30034
- http://secunia.com/advisories/30816
- http://secunia.com/advisories/32834
- http://secunia.com/advisories/33822
- http://security.gentoo.org/glsa/glsa-200805-02.xml
- http://www.debian.org/security/2008/dsa-1557
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A131
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
- http://www.securityfocus.com/bid/28906
- http://www.vupen.com/english/advisories/2008/1328/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41964
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
- http://secunia.com/advisories/29944
- http://secunia.com/advisories/29964
- http://secunia.com/advisories/30034
- http://secunia.com/advisories/30816
- http://secunia.com/advisories/32834
- http://secunia.com/advisories/33822
- http://security.gentoo.org/glsa/glsa-200805-02.xml
- http://www.debian.org/security/2008/dsa-1557
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A131
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
- http://www.securityfocus.com/bid/28906
- http://www.vupen.com/english/advisories/2008/1328/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41964