CVE-2007-0095 — Phpmyadmin vulnerability

6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJan 5

Latest updateMay 1

Description

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.9.1.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.9.1.1-1+3

▶NVDphpmyadmin/phpmyadmin2.9.1.1

🔴Vulnerability Details

GHSA

GHSA-72c5-c55w-559j: phpMyAdmin 2↗2022-05-01

▶

OSV

CVE-2007-0095: phpMyAdmin 2↗2007-01-05

▶

📋Vendor Advisories

Debian

CVE-2007-0095: phpmyadmin - phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a...↗2007

▶

💬Community

Bugzilla

CVE-2007-0957 krb5_klog_syslog() stack buffer overflow↗2007-03-08

▶

Bugzilla

CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure↗2007-01-06

▶