Description

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

Remediation

References

CVE-2004-1148

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-1318)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)

WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)

XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)

qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)

Severity

Medium

Classification

CVE-2004-1148

Tags

Missing Update Known Vulnerabilities