CVE-2014-8961

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:228	Broken Link
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/71245
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994	Patch Vendor Advisory
https://security.gentoo.org/glsa/201505-03
http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:228	Broken Link
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php	Patch Vendor Advisory
http://www.securityfocus.com/bid/71245
https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994	Patch Vendor Advisory
https://security.gentoo.org/glsa/201505-03

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

History

21 Nov 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2014-12/msg00017.html - Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 - Broken Link~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2014:228 - Broken Link
References	~~() http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php - Patch, Vendor Advisory~~	() http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/71245 -~~	() http://www.securityfocus.com/bid/71245 -
References	~~() https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994 - Patch, Vendor Advisory~~	() https://github.com/phpmyadmin/phpmyadmin/commit/b99b6b6672ff2419f05b05740c80c7a23c1da994 - Patch, Vendor Advisory
References	~~() https://security.gentoo.org/glsa/201505-03 -~~	() https://security.gentoo.org/glsa/201505-03 -

Information

Published : 2014-11-30 11:59

Updated : 2024-11-21 02:20

NVD link : CVE-2014-8961

Mitre link : CVE-2014-8961

CVE.ORG link : CVE-2014-8961

JSON object : View

Products Affected

opensuse

opensuse

phpmyadmin

phpmyadmin

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.0 /10