Description

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

Remediation

References

CVE-2006-5117

Related Vulnerabilities

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.4)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9856)

WordPress Plugin LearnPress-WordPress LMS Security Bypass (3.2.6.6)

Joomla Improper Input Validation Vulnerability (CVE-2006-1957)

Severity

Medium

Classification

CVE-2006-5117

Tags

Missing Update Known Vulnerabilities