CVE-2013-4998 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 51.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 31

Latest updateMay 17

Description

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.0.4.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.0.4.2-1+3

▶NVDphpmyadmin/phpmyadmin18 versions+17

🔴Vulnerability Details

GHSA

GHSA-vp7p-rxfv-rwm2: phpMyAdmin 3↗2022-05-17

▶

OSV

CVE-2013-4998: phpMyAdmin 3↗2013-07-31

▶

📋Vendor Advisories

Debian

CVE-2013-4998: phpmyadmin - phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers...↗2013

▶

💬Community

Bugzilla

CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12)↗2013-07-29

▶