CVE-2004-0129 Affecting phpmyadmin package, versions <2:2.6.0-pl2
Threat Intelligence
EPSS
1.38% (87th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-PHPMYADMIN-417767
- published 3 Mar 2004
- disclosed 3 Mar 2004
Introduced: 3 Mar 2004
CVE-2004-0129 Open this link in a new tabHow to fix?
Upgrade Debian:8 phpmyadmin to version 2:2.6.0-pl2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream phpmyadmin package and not the phpmyadmin package as distributed by Debian.
See How to fix? for Debian:8 relevant fixed versions and status.
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
References
- https://security-tracker.debian.org/tracker/CVE-2004-0129
- http://security.gentoo.org/glsa/glsa-200402-05.xml
- http://marc.info/?l=bugtraq&m=107582619125932&w=2
- http://sourceforge.net/forum/forum.php?forum_id=350228
- http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
- http://secunia.com/advisories/10769
- http://www.securityfocus.com/bid/9564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15021
- http://www.osvdb.org/3800
CVSS Scores
version 3.1