CVE-2013-5000Sensitive Information Exposure in Phpmyadmin

CWE-200Sensitive Information ExposureCWE-20Improper Input Validation14 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 51.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedJul 31
Latest updateMay 17

Description

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.0.4.2-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.0.4.2-1+3
NVDphpmyadmin/phpmyadmin12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-cq7h-9hgp-vpjq: phpMyAdmin 32022-05-17
OSV
CVE-2013-5000: phpMyAdmin 32013-07-31

💥Exploits & PoCs

7
Exploit-DB
Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097)2015-09-16
Exploit-DB
Microsoft Office 2007 - BIFFRecord Length Use-After-Free2015-09-16
Exploit-DB
Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion2015-09-16
Exploit-DB
Synology DSM 4.3-3810 - Directory Traversal2013-12-24
Exploit-DB
ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH)2013-11-24

📋Vendor Advisories

3
Cisco
Cisco Device Manager Command Execution Vulnerability2013-04-24
Debian
CVE-2013-5000: phpmyadmin - phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive info...2013
Cisco
Cisco Device Manager Command Execution Vulnerability

💬Community

1
Bugzilla
CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12)2013-07-29