{"id":"CVE-2004-1148","details":"phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.","modified":"2026-04-10T03:36:33.125528Z","published":"2005-01-10T05:00:00Z","references":[{"type":"ADVISORY","url":"http://www.exaprobe.com/labs/advisories/esa-2004-1213.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=110295781828323&w=2"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18441"}],"schema_version":"1.7.5"}