CVE-2004-1148 | Vulnerability Database | Aqua Security

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

Affected Software

Name	Vendor	Start Version	End Version
Phpmyadmin	Phpmyadmin	2.4.0 (including)	2.4.0 (including)
Phpmyadmin	Phpmyadmin	2.5.0 (including)	2.5.0 (including)
Phpmyadmin	Phpmyadmin	2.5.1 (including)	2.5.1 (including)
Phpmyadmin	Phpmyadmin	2.5.2 (including)	2.5.2 (including)
Phpmyadmin	Phpmyadmin	2.5.4 (including)	2.5.4 (including)
Phpmyadmin	Phpmyadmin	2.5.5 (including)	2.5.5 (including)
Phpmyadmin	Phpmyadmin	2.5.5_pl1 (including)	2.5.5_pl1 (including)
Phpmyadmin	Phpmyadmin	2.5.5_rc1 (including)	2.5.5_rc1 (including)
Phpmyadmin	Phpmyadmin	2.5.5_rc2 (including)	2.5.5_rc2 (including)
Phpmyadmin	Phpmyadmin	2.5.6_rc1 (including)	2.5.6_rc1 (including)
Phpmyadmin	Phpmyadmin	2.5.7 (including)	2.5.7 (including)
Phpmyadmin	Phpmyadmin	2.5.7_pl1 (including)	2.5.7_pl1 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl1 (including)	2.6.0_pl1 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl2 (including)	2.6.0_pl2 (including)
Phpmyadmin	Phpmyadmin	2.6.0_pl3 (including)	2.6.0_pl3 (including)

References

http://marc.info/?l=bugtraq\u0026m=110295781828323\u0026w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18441

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1148
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html