CVE-2012-4219 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 21

Latest updateMay 17

Description

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.0.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.0.1-1+3

▶NVDphpmyadmin/phpmyadmin3.5.0.0, 3.5.1.0, 3.5.2.0+2

🔴Vulnerability Details

GHSA

GHSA-8vv2-p6c9-46c2: show_config_errors↗2022-05-17

▶

OSV

CVE-2012-4219: show_config_errors↗2012-08-21

▶

📋Vendor Advisories

Debian

CVE-2012-4219: phpmyadmin - show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attacker...↗2012

▶

💬Community

Bugzilla

CVE-2012-4219 phpMyAdmin: show_config_errors.php path disclosure flaw (PMASA-2012-3)↗2012-08-17

▶