CVE-2008-5587 Scanner
Detects the 'Directory Traversal' vulnerability in phpPgAdmin, which affects version 4.2.1 and earlier.
Short Info
- Level: Medium
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month
- Scan only one: URL
- Toolbox: -
phpPgAdmin is an open-source web-based administration tool for managing PostgreSQL databases. It provides a user-friendly interface for database administrators to manage and control their databases with ease. The tool is written in PHP and is widely used by developers and database administrators alike.
CVE-2008-5587 is a directory traversal vulnerability found in the libraries/lib.inc.php file of phpPgAdmin 4.2.1 and earlier versions. The vulnerability is triggered when the register_globals feature is enabled, allowing remote attackers to gain unauthorized access to sensitive files by manipulating the _language parameter to index.php.
Exploiting this vulnerability can lead to unauthorized disclosure of sensitive data, which can be devastating for organizations that rely on this tool to manage their databases. Attackers can use this vulnerability to gather sensitive data, such as passwords, configuration files, and other critical information, which can be used to compromise the system.
To protect against this vulnerability, it is essential to follow some simple steps, such as disabling the register_globals feature, applying security patches and updates to the software, and implementing access control and authentication mechanisms to limit unauthorized access.
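For asset owners who also want to review past traffic, the following added example (not part of the original page or of phpPgAdmin) scans web server access logs for requests to index.php whose _language parameter is anything other than a plain language name. The log lines are constructed samples, and the combined log format, the /phppgadmin/ path and the pattern for a legitimate language name are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2008:10:00:01 +0000] "GET /phppgadmin/index.php?_language=english HTTP/1.1" 200 5120
203.0.113.9 - - [10/Dec/2008:10:00:07 +0000] "GET /phppgadmin/index.php?_language=..%2F..%2Fexample HTTP/1.1" 200 812
203.0.113.9 - - [10/Dec/2008:10:00:09 +0000] "GET /phppgadmin/index.php?server=1&_language=%252e%252e%252fexample HTTP/1.1" 200 77
198.51.100.2 - - [10/Dec/2008:10:01:00 +0000] "GET /phppgadmin/redirect.php?subject=server HTTP/1.1" 200 4310
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate language value is a bare name such as "english".
SAFE_LANGUAGE_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return (client_ip, decoded_value) for suspicious _language values."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/index.php"):
            continue
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if key == "_language" and not SAFE_LANGUAGE_RE.fullmatch(decoded):
                hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"suspicious _language from {client}: {value!r}")
```

Access logs record only the query string, while register_globals also populates variables from POST bodies and cookies, so an empty result does not show that the parameter was never tampered with.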
Securityforall.com provides a detailed analysis of vulnerabilities in digital assets, including web applications, databases, and network infrastructures. The platform offers a range of pro features that allow users to quickly and easily identify vulnerabilities in their digital assets, including vulnerability scanning, penetration testing, and asset management. With securityforall.com, organizations can be proactive in managing their security risks, ensuring that they are always one step ahead of potential threats.
REFERENCES
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
- http://securityreason.com/securityalert/4737
- http://www.debian.org/security/2008/dsa-1693
- http://www.securityfocus.com/bid/32670
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47140
- https://www.exploit-db.com/exploits/7363