CVE-2015-4180

HIGH

phpMyBackupPro 2.1-2.4 - Path Traversal via View Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/04/10

Scores

CVSS v3 7.5
EPSS 0.0292
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (4)
phpmybackuppro/phpmybackuppro 2.1
phpmybackuppro/phpmybackuppro 2.2
phpmybackuppro/phpmybackuppro 2.3
phpmybackuppro/phpmybackuppro 2.4
Published Aug 25, 2017
Tracked Since Feb 18, 2026