Description

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).

Remediation

References

CVE-2009-1148

Related Vulnerabilities

WordPress Plugin Site Editor-WordPress Site Builder-Theme Builder and Page Builder Local File Inclusion (1.1.1)

WordPress Plugin Affiliates Manager SQL Injection (2.8.6)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0123)

Apache HTTP Server Other Vulnerability (CVE-2004-1387)

PHP Other Vulnerability (CVE-2006-3017)

Severity

Medium

Classification

CVE-2009-1148 CWE-22

Tags

Missing Update Known Vulnerabilities