Unrated severityNVD Advisory· Published Dec 16, 2008· Updated Apr 23, 2026
CVE-2008-5587
CVE-2008-5587
Description
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Affected products
9cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*range: <=4.2.1
- cpe:2.3:a:phppgadmin:phppgadmin:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin:phppgadmin:4.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securityfocus.com/bid/32670nvdExploit
- secunia.com/advisories/33014nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlnvd
- lists.opensuse.org/opensuse-updates/2012-04/msg00033.htmlnvd
- secunia.com/advisories/33263nvd
- securityreason.com/securityalert/4737nvd
- www.debian.org/security/2008/dsa-1693nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/47140nvd
- www.exploit-db.com/exploits/7363nvd
News mentions
0No linked articles in our index yet.