Summary
This host is running phpMyAdmin and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 3.4.10.2 or apply the patch from the links below:
http://www.phpmyadmin.net/home_page/downloads.php
https://github.com/phpmyadmin/phpmyadmin/commit/c51817d3b8cb05ff54dca9373c0667e29b8498d4
Insight
The flaw is due to an input validation error in 'show_config_errors.php'. When a configuration file does not exist, it allows remote attackers to obtain sensitive information via a direct request.
Affected
phpMyAdmin Version 3.4.10.2 and prior
References
Severity
Classification
CVE: CVE-2012-1902
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N