phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-1148)
Description
Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).