CVE-2008-1924

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.11.5.2

Description The issue allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request. This is related to the use of an undefined UploadDir variable when running on shared hosts.

Recommendations For versions prior to 2.11.5.2, update to version 2.11.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the CREATE table permissions for remote authenticated users until the update is applied.