Executive Summary

Informations
Name CVE-2008-7251 First vendor Publication 2010-01-19
Vendor Cve Last vendor Modification 2010-05-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7251

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Application45

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-01 (phpMyAdmin)
File : nvt/glsa_201201_01.nasl
2010-05-04Name : Debian Security Advisory DSA 2034-1 (phpmyadmin)
File : nvt/deb_2034_1.nasl
2010-01-18Name : phpMyAdmin Insecure Temporary File and Directory Creation Vulnerabilities
File : nvt/phpmyadmin_37826.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
61859phpMyAdmin libraries/File.class.php Temporary Directory Permission Weakness U...

Nessus® Vulnerability Scanner

DateDescription
2012-01-05Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-01.nasl - Type : ACT_GATHER_INFO
2010-04-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2034.nasl - Type : ACT_GATHER_INFO
2010-01-18Name : The remote openSUSE host is missing a security update.
File : suse_11_0_phpMyAdmin-091209.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/37826
CONFIRM http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision...
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpM...
http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
DEBIAN http://www.debian.org/security/2010/dsa-2034
SECUNIA http://secunia.com/advisories/38211
http://secunia.com/advisories/39503
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
VUPEN http://www.vupen.com/english/advisories/2010/0910

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:48:06
  • Multiple Updates
2013-05-11 00:38:49
  • Multiple Updates