FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- Full path disclosure vulnerability in SQL parser

Affected packages
4.5.0 <= phpmyadmin < 4.5.4

Details

VuXML ID 78b4ebfb-c60b-11e5-bf36-6805ca0b3d42
Discovery 2016-01-28
Entry 2016-01-28

The phpMyAdmin development team reports:

By calling a particular script that is part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed.

We consider this vulnerability to be non-critical.

This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual for a production server.
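A defender-side check for the condition this entry describes, as an added example that is not part of the advisory or of phpMyAdmin: it tests whether an installed version falls in the affected range listed above and whether a php.ini leaves display_errors enabled. The function names and the sample php.ini text are constructed for illustration; an absent directive is treated as enabled because that is PHP's built-in default.

```python
import re

# Range taken from this entry: 4.5.0 <= phpmyadmin < 4.5.4
AFFECTED_MIN = (4, 5, 0)
AFFECTED_MAX = (4, 5, 4)

def parse_version(text):
    """Parse the leading dotted number of a version string into a tuple,
    ignoring suffixes such as a ports revision ('4.5.3_1')."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError("not a version: %r" % text)
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) < 3:          # '4.5' compares as 4.5.0
        parts.append(0)
    return tuple(parts)

def is_affected(version):
    return AFFECTED_MIN <= parse_version(version) < AFFECTED_MAX

def display_errors_enabled(ini_text):
    """Return True if the php.ini text leaves display_errors on.
    The last assignment wins; ';' starts a comment."""
    value = "1"  # assumption: PHP's built-in default when the directive is absent
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"display_errors\s*=\s*(.*)$", line, re.I)
        if m:
            value = m.group(1).strip().strip("\"'")
    # 'stdout' and 'stderr' also send errors to the client or console
    return value.lower() not in ("off", "0", "false", "no", "none", "")

def path_disclosure_possible(version, ini_text):
    """Both conditions from the entry: affected version and errors displayed."""
    return is_affected(version) and display_errors_enabled(ini_text)

# Constructed sample configurations (not from the advisory)
DEV_INI = "; development box\ndisplay_errors = On\nlog_errors = On\n"
PROD_INI = "display_errors = Off ; production\nlog_errors = On\n"

if __name__ == "__main__":
    for ver, ini in (("4.5.3", DEV_INI), ("4.5.3", PROD_INI), ("4.5.4", DEV_INI)):
        print(ver, path_disclosure_possible(ver, ini))
```

Setting display_errors to off and upgrading to 4.5.4 or later each make the check return False; doing both removes the dependence on either one alone.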

References

CVE Name CVE-2016-2044
URL https://www.phpmyadmin.net/security/PMASA-2016-8/