Description

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

Remediation

References

CVE-2008-1924

Related Vulnerabilities

WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.5)

SharePoint CVE-2021-40483 Vulnerability (CVE-2021-40483)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36469)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3179)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10890)

Severity

Low

Classification

CVE-2008-1924 CWE-200

Tags

Missing Update Known Vulnerabilities