Main Vulnerability Database SB2012041910

SB2012041910 - Information disclosure in phpmyadmin (Alpine package)

Published: April 19, 2012

Security Bulletin ID SB2012041910

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2012-1902)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1ec60473f59384e9e75ed2ad07711b00a569a8c0
https://git.alpinelinux.org/aports/commit/?id=866a1232353137658d516a1e88a4803db17f8b62
https://git.alpinelinux.org/aports/commit/?id=5940ec47e9137391fcb4857f5f5292e95d262981