Description
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Amol Naik · textwebappsphp
https://www.exploit-db.com/exploits/10169
References (1)
Core 1
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/04/10
Scores
CVSS v3
7.5
EPSS
0.1130
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (5)
phpmybackuppro/phpmybackuppro
2.1
phpmybackuppro/phpmybackuppro
2.2
phpmybackuppro/phpmybackuppro
2.3
phpmybackuppro/phpmybackuppro
2.4
phpmybackuppro/phpmybackuppro
2.5
Published
Aug 25, 2017
Tracked Since
Feb 18, 2026