CVE-2008-7251

Executive Summary

Informations
Name	CVE-2008-7251	First vendor Publication	2010-01-19
Vendor	Cve	Last vendor Modification	2010-05-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7251

CWE : Common Weakness Enumeration

id	Name
CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Application	Phpmyadmin Phpmyadmin cpe:/a:phpmyadmin:phpmyadmin:2.11.9.6 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.5 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.4 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.9 cpe:/a:phpmyadmin:phpmyadmin:2.11.8 cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.7 cpe:/a:phpmyadmin:phpmyadmin:2.11.6rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.6:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.6 cpe:/a:phpmyadmin:phpmyadmin:2.11.5rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.5:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.5 cpe:/a:phpmyadmin:phpmyadmin:2.11.4rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.4:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.4 cpe:/a:phpmyadmin:phpmyadmin:2.11.3rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.3 cpe:/a:phpmyadmin:phpmyadmin:2.11.3:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.1rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.1:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.1 cpe:/a:phpmyadmin:phpmyadmin:2.11.0rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.0beta1 cpe:/a:phpmyadmin:phpmyadmin:2.11.0.0 cpe:/a:phpmyadmin:phpmyadmin:2.11.0:beta1 cpe:/a:phpmyadmin:phpmyadmin:2.11.0:rc1 cpe:/a:phpmyadmin:phpmyadmin:2.11.0	45

Open Source Vulnerability Database (OSVDB)

id	Description
61859	phpMyAdmin libraries/File.class.php Temporary Directory Permission Weakness U...

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/37826
CONFIRM	http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision... http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpM... http://www.phpmyadmin.net/home_page/security/PMASA-2010-1.php
DEBIAN	http://www.debian.org/security/2010/dsa-2034
SECUNIA	http://secunia.com/advisories/38211 http://secunia.com/advisories/39503
SUSE	http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
VUPEN	http://www.vupen.com/english/advisories/2010/0910

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:38:49	Multiple Updates

Related	Severity
MDVSA-2010:018	(Critical)
GLSA-201201-01	(Critical)
DSA-2034	(Critical)

Same Subject	Severity
Login to view 22 more Alert(s)

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.0321s

Facebook rss twitter linkedin mail