CVE-2008-5587

NUCLEI

phpPgAdmin <4.2.1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by dun · textwebappsphp
https://www.exploit-db.com/exploits/7363

Nuclei Templates (1)

phpPgAdmin <=4.2.1 - Local File Inclusion
MEDIUMby dhiyaneshDK
Shodan: http.title:"phpPgAdmin" || http.title:phppgadmin || cpe:"cpe:2.3:a:phppgadmin_project:phppgadmin"
FOFA: title=phppgadmin

References (9)

Scores

EPSS 0.0231
EPSS Percentile 84.8%

Details

CWE
CWE-22
Status published
Products (9)
phppgadmin/phppgadmin 2.2
phppgadmin/phppgadmin 2.2.1
phppgadmin/phppgadmin 3.1
phppgadmin/phppgadmin 3.4.1
phppgadmin/phppgadmin 3.5
phppgadmin/phppgadmin 3.5.2
phppgadmin/phppgadmin 3.5.3
phppgadmin/phppgadmin 4.1.1
phppgadmin/phppgadmin < 4.2.1
Published Dec 16, 2008
Tracked Since Feb 18, 2026