Summary
This host is running phpMyAdmin and is prone to an information disclosure vulnerability.
Impact
Successful exploitation allows an attacker to obtain sensitive information that could aid in further attacks.
Impact Level: Application
Solution
Upgrade to phpMyAdmin 3.4.10.2 or apply the patch from the links below:
- http://www.phpmyadmin.net/home_page/downloads.php
- https://github.com/phpmyadmin/phpmyadmin/commit/c51817d3b8cb05ff54dca9373c0667e29b8498d4
Insight
The flaw is due to an input validation error in 'show_config_errors.php'. When a configuration file does not exist, it allows remote attackers to obtain sensitive information via a direct request.
Affected
phpMyAdmin Version 3.4.10.2 and prior
Severity
Classification
- CVE: CVE-2012-1902
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N