Vulnerability Details CVE-2008-7251
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.5%
CVSS Severity
CVSS v2 Score 10.0
References
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11536&r2=11535&pathrev=11536
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
- http://secunia.com/advisories/38211
- http://secunia.com/advisories/39503
- http://www.debian.org/security/2010/dsa-2034
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
- http://www.securityfocus.com/bid/37826
- http://www.vupen.com/english/advisories/2010/0910
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11536&r2=11535&pathrev=11536
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
- http://secunia.com/advisories/38211
- http://secunia.com/advisories/39503
- http://www.debian.org/security/2010/dsa-2034
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
- http://www.securityfocus.com/bid/37826
- http://www.vupen.com/english/advisories/2010/0910
Products affected by CVE-2008-7251
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0beta1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.0rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.1rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.2.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.3rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.4rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.5rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.6rc1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.7.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:2.11.9.6