Description

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

Remediation

References

CVE-2004-1148

Related Vulnerabilities

Oracle Database Server CVE-2010-2415 Vulnerability (CVE-2010-2415)

Drupal Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2007-5595)

WordPress Plugin Woopra Analytics Arbitrary File Upload (1.4.3.1)

MySQL CVE-2018-3161 Vulnerability (CVE-2018-3161)

Oracle Database Server CVE-2024-20995 Vulnerability (CVE-2024-20995)

Severity

Medium

Classification

CVE-2004-1148

Tags

Missing Update Known Vulnerabilities