CVE-2004-1148 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-1148

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

Affected Software

Name	Vendor	Start Version	End Version
Phpmyadmin	Phpmyadmin	2.4.0	2.4.0
Phpmyadmin	Phpmyadmin	2.5.0	2.5.0
Phpmyadmin	Phpmyadmin	2.5.1	2.5.1
Phpmyadmin	Phpmyadmin	2.5.2	2.5.2
Phpmyadmin	Phpmyadmin	2.5.4	2.5.4
Phpmyadmin	Phpmyadmin	2.5.5	2.5.5
Phpmyadmin	Phpmyadmin	2.5.5_pl1	2.5.5_pl1
Phpmyadmin	Phpmyadmin	2.5.5_rc1	2.5.5_rc1
Phpmyadmin	Phpmyadmin	2.5.5_rc2	2.5.5_rc2
Phpmyadmin	Phpmyadmin	2.5.6_rc1	2.5.6_rc1
Phpmyadmin	Phpmyadmin	2.5.7	2.5.7
Phpmyadmin	Phpmyadmin	2.5.7_pl1	2.5.7_pl1
Phpmyadmin	Phpmyadmin	2.6.0_pl1	2.6.0_pl1
Phpmyadmin	Phpmyadmin	2.6.0_pl2	2.6.0_pl2
Phpmyadmin	Phpmyadmin	2.6.0_pl3	2.6.0_pl3

References

http://marc.info/?l=bugtraq\u0026m=110295781828323\u0026w=2
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18441