PublicDate: 2008-04-23 16:05:00 UTC
Candidate: CVE-2008-1924
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Description:
 Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on
 shared hosts, allows remote authenticated users with CREATE table
 permissions to read arbitrary files via a crafted HTTP POST request,
 related to use of an undefined UploadDir variable.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/227283
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_phpmyadmin:
upstream_phpmyadmin: released (2.11.5.2)
dapper_phpmyadmin: ignored (reached end-of-life)
feisty_phpmyadmin: needed (reached end-of-life)
gutsy_phpmyadmin: needed (reached end-of-life)
hardy_phpmyadmin: released (4:2.11.3-1ubuntu1.1)
intrepid_phpmyadmin: not-affected (4:2.11.6-1)
jaunty_phpmyadmin: not-affected (4:2.11.6-1)
karmic_phpmyadmin: not-affected (4:2.11.6-1)
devel_phpmyadmin: not-affected (4:2.11.6-1)