CVE-2005-0459 — Externally-Generated Error Message Containing Sensitive Information in Phpmyadmin

CWE-211 — Externally-Generated Error Message Containing Sensitive Information5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 41.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMay 2

Latest updateMay 1

Description

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.6.2 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.6.2+3

▶NVDphpmyadmin/phpmyadmin36 versions+35

🔴Vulnerability Details

GHSA

GHSA-6rjg-fx3r-69qh: phpMyAdmin 2↗2022-05-01

▶

OSV

CVE-2005-0459: phpMyAdmin 2↗2005-05-02

▶

📋Vendor Advisories

Debian

CVE-2005-0459: phpmyadmin - phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to ...↗2005

▶

📐Framework References

CWE

Externally-Generated Error Message Containing Sensitive Information↗

▶