CVE-2006-6373 — Phpmyadmin vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 39.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 7

Latest updateMay 1

Description

PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.9.1.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.9.1.1-1+3

▶NVDphpmyadmin/phpmyadmin2.7.0_pl2

🔴Vulnerability Details

GHSA

GHSA-mq5q-8qfv-7pqr: PhpMyAdmin 2↗2022-05-01

▶

OSV

CVE-2006-6373: PhpMyAdmin 2↗2006-12-07

▶

📋Vendor Advisories

Debian

CVE-2006-6373: phpmyadmin - PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via...↗2006

▶

💬Community

Bugzilla

phpMyAdmin < 2.9.1.1 multiple vulnerabilities↗2006-12-07

▶