Published: 16/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and previous versions, when register_globals is enabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phppgadmin phppgadmin 3.5.2
phppgadmin phppgadmin 3.5
phppgadmin phppgadmin 3.4.1
phppgadmin phppgadmin 3.1
phppgadmin phppgadmin
phppgadmin phppgadmin 2.2.1
phppgadmin phppgadmin 2.2
phppgadmin phppgadmin 4.1.1
phppgadmin phppgadmin 3.5.3

Debian Bug report logs - #508026 register_globals on is not supported Package: phppgadmin; Maintainer for phppgadmin is Debian PostgreSQL Maintainers <team+postgresql@trackerdebianorg>; Source for phppgadmin is src:phppgadmin (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmailcom> Date: Sun, 7 Dec ...

Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2865 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via the server ...

:::::::- :::::: ::: ;;, `';, ;; ;;;`;;;;, `;;; `[[ [[[[' [[[ [[[[[ '[[ $$, $$$$ $$$ $$$ "Y$c$$ 888_,o8P'88 d888 888 Y88 MMMMP"` "YmmMMMM"" MMM YM [ Discovered by dun \ dun[at]strcpypl ] ################################################################## # [ phpPgAdm ...

CWE-22 http://www.securityfocus.com/bid/32670 http://secunia.com/advisories/33014 http://secunia.com/advisories/33263 http://www.debian.org/security/2008/dsa-1693 http://securityreason.com/securityalert/4737 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html https://exchange.xforce.ibmcloud.com/vulnerabilities/47140 https://www.exploit-db.com/exploits/7363 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 https://nvd.nist.gov https://www.exploit-db.com/exploits/7363/https://www.debian.org/security/./dsa-1693

CVE-2008-5587

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect