CVE-2009-4050

phpMyBackupPro 2.1 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4050.

AI-analyzed exploit summary The document describes an arbitrary file download vulnerability in phpMyBackupPro v2.1, where the 'view' parameter in 'get_file.php' is not properly sanitized, allowing attackers to download sensitive files like '/etc/passwd'. The technical details include vulnerable code snippets and a proof-of-concept URL.

Description

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/10169

View Code ZIP pw:eip

The document describes an arbitrary file download vulnerability in phpMyBackupPro v2.1, where the 'view' parameter in 'get_file.php' is not properly sanitized, allowing attackers to download sensitive files like '/etc/passwd'. The technical details include vulnerable code snippets and a proof-of-concept URL.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: phpMyBackupPro v2.1 and possibly earlier versions

No auth needed

Prerequisites: Access to the vulnerable 'get_file.php' endpoint

MITRE ATT&CK

T1530 - Data from Cloud Storage

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37370

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/60073

Scores

EPSS 0.0761

EPSS Percentile 93.8%

Details

CWE

CWE-22

Status published

Products (1)

phpmybackuppro/phpmybackuppro 2.1

Published Nov 23, 2009

Tracked Since Feb 18, 2026