CVE-2015-8669 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 34.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 26

Latest updateMay 17

Description

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.5.3.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.5.3.1-1+3

▶NVDphpmyadmin/phpmyadmin50 versions+49

🔴Vulnerability Details

GHSA

GHSA-mrjr-q5hm-729r: libraries/config/messages↗2022-05-17

▶

OSV

CVE-2015-8669: libraries/config/messages↗2015-12-26

▶

📋Vendor Advisories

Debian

CVE-2015-8669: phpmyadmin - libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x be...↗2015

▶

💬Community

Bugzilla

CVE-2015-8669 phpMyAdmin: path disclosure (PMASA-2015-6)↗2015-12-25

▶