First published: Thu Mar 26 2009
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
phpMyAdmin phpMyAdmin | =3.1.2 | |
phpMyAdmin phpMyAdmin | =3.1.0 | |
phpMyAdmin phpMyAdmin | =3.1.1-rc1 | |
phpMyAdmin phpMyAdmin | =3.1.1 | |
phpMyAdmin phpMyAdmin | =3.1.3-rc1 | |
phpMyAdmin phpMyAdmin | =3.1.0.0 | |
phpMyAdmin phpMyAdmin | =3.1.2-rc1 | |
phpMyAdmin phpMyAdmin | <=3.1.3 | |
CVE-2009-1148 is considered a moderate severity vulnerability due to its potential for unauthorized file access.
To fix CVE-2009-1148, upgrade phpMyAdmin to version 3.1.3.1 or later, which addresses this vulnerability.
CVE-2009-1148 affects phpMyAdmin versions 3.1.0 to 3.1.3 inclusive.
CVE-2009-1148 facilitates directory traversal attacks, allowing attackers to read arbitrary files on the server.
CVE-2009-1148 involves the bs_disp_as_mime_type.php file in the BLOB streaming feature of phpMyAdmin.