Description
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2895 Vulnerability (CVE-2020-2895)
WordPress Plugin Gallery-Image and Video Gallery with Thumbnails SQL Injection (2.0.3)
WordPress Plugin Analyticator Multiple Cross-Site Scripting Vulnerabilities (6.4.9.5)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20281)