CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Phpmyadmin: >> Phpmyadmin >> 2.11.11 Security Vulnerabilities

CVE-2009-1148

Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).

CVSS Score

5.0

EPSS Score

0.006

Published

2009-03-26

CVE-2009-1149

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

CVSS Score

7.5

EPSS Score

0.007

Published

2009-03-26

Page 3

Vulnerabilities

Vulnerable Software

Phpmyadmin: >> Phpmyadmin >> 2.11.11 Security Vulnerabilities

Products

Pricing

Contact Us