Summary
The host is running phpMyAdmin and is prone to a security bypass vulnerability.
Impact
Successful exploitation lets unauthenticated attackers display information related to PHP.
Impact Level: Application
Solution
Upgrade to phpMyAdmin version 3.4.0-beta1 or later: http://www.phpmyadmin.net/home_page/downloads.php
Insight
The flaw is caused by missing authentication in the 'phpinfo.php' script when 'PMA_MINIMUM_COMMON' is defined. This can be exploited to gain knowledge of sensitive information by requesting the file directly.
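To check whether the script has already been requested on a host, the following added example (not part of the original advisory or of phpMyAdmin) scans web server access logs for direct requests to 'phpinfo.php' under the phpMyAdmin directory. It assumes the Apache/nginx "combined" log format and an install prefix of `/phpmyadmin/`; the function name and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumed log format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2010:10:01:22 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 8211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2010:10:03:40 +0000] "GET /phpmyadmin/phpinfo.php HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.7 - - [12/Dec/2010:10:03:41 +0000] "GET /phpMyAdmin/./phpinfo.php?a=1 HTTP/1.1" 200 48213 "-" "-"',
    '203.0.113.5 - - [12/Dec/2010:10:09:02 +0000] "GET /phpmyadmin/phpinfo.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [12/Dec/2010:10:11:00 +0000] "GET /blog/phpinfo.php HTTP/1.1" 404 199 "-" "-"',
]


def find_phpinfo_requests(lines, pma_prefix="/phpmyadmin/"):
    """Return (ip, timestamp, status, verdict) for each request that
    targets phpinfo.php below the phpMyAdmin prefix (assumed path)."""
    prefix = pma_prefix.lower()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string, decode %XX, collapse "./" and "../",
        # and compare case-insensitively so variants are not missed.
        path = urlsplit(m["target"]).path
        path = posixpath.normpath(unquote(path)).lower()
        if not (path.startswith(prefix) and path.endswith("/phpinfo.php")):
            continue
        # 2xx means the PHP information page was actually returned.
        verdict = "served" if m["status"].startswith("2") else "probe"
        hits.append((m["ip"], m["ts"], int(m["status"]), verdict))
    return hits


if __name__ == "__main__":
    for ip, ts, status, verdict in find_phpinfo_requests(SAMPLE_LOG):
        print(f"{ts}  {ip}  HTTP {status}  {verdict}")
```

Entries marked "served" indicate the PHP information was disclosed to that client; after upgrading, the same requests should no longer return a 2xx status to unauthenticated clients.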
Affected
phpMyAdmin versions prior to 3.4.0-beta1.
References
Severity
Classification
CVE: CVE-2010-4481
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N