CVE-2015-4180
HIGHphpMyBackupPro 2.1-2.4 - Path Traversal via View Parameter
Title source: llmDescription
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.
References (1)
Core 1
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/04/10
Scores
CVSS v3
7.5
EPSS
0.0292
EPSS Percentile
85.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (4)
phpmybackuppro/phpmybackuppro
2.1
phpmybackuppro/phpmybackuppro
2.2
phpmybackuppro/phpmybackuppro
2.3
phpmybackuppro/phpmybackuppro
2.4
Published
Aug 25, 2017
Tracked Since
Feb 18, 2026