Upstream information

CVE-2014-8959 at MITRE


Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before, 4.1.x before, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.5
Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 906486 [RESOLVED / FIXED], 908363 [RESOLVED / FIXED], 908364 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • phpMyAdmin >=
openSUSE Tumbleweed GA phpMyAdmin-

SUSE Timeline for this CVE

CVE page created: Thu Nov 20 23:29:34 2014
CVE page last modified: Fri Oct 7 12:46:55 2022