libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CPhpmyadmin
APPPhpmyadmin2.11.02.11.0.02.11.0beta12.11.0rc12.11.12.11.1.02.11.1.12.11.1.22.11.1rc12.11.22.11.2.02.11.2.12.11.2.22.11.32.11.3.0+ 23 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2009-1151CRITICAL9.8⚠ KEVten sam produkt
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...
CVE-2020-22452CRITICAL9.8ten sam produkt
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...
CVE-2020-26935CRITICAL9.8ten sam produkt
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...
CVE-2019-19617CRITICAL9.8ten sam produkt
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...
CVE-2019-18622CRITICAL9.8ten sam produkt
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...