CVE-2009-1148

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 3.1.3.1

Description The issue allows remote attackers to read arbitrary files via directory traversal sequences in the file path parameter ($filename variable) in the BLOB streaming feature. This is due to a directory traversal vulnerability in the bs disp as mime type.php file.

Recommendations For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the bs disp as mime type.php file to minimize the risk of exploitation. Avoid using the file path parameter in the affected feature until the issue is resolved.