CVE-2016-2042: Sensitive Information Exposure in phpMyAdmin

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.6% (top 31.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 20; Latest update May 14

Description

phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (Exploitability: 3.9 | Impact: 1.4)

Affected Packages (5 packages)

Source: debian | Package: debian/phpmyadmin | Affected: < phpmyadmin 4:4.5.4-1 (bookworm)
Source: Debian | Package: phpmyadmin/phpmyadmin | Affected: < 4:4.5.4-1+3
Source: NVD | Package: phpmyadmin/phpmyadmin | Affected: 27 versions (+26)
Source: NVD | Package: opensuse/leap | Affected: 42.1
Source: NVD | Package: opensuse/opensuse | Affected: 13.1, 13.2 (+1)

Also affects: Fedora 22, 23

Patches

Vulnerability Details (2)

GHSA: GHSA-g564-g9wm-3q4m: phpMyAdmin 4 (2022-05-14)
OSV: CVE-2016-2042: phpMyAdmin 4 (2016-02-20)

Vendor Advisories (2)

Red Hat: phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6) (2016-01-28)
Debian: CVE-2016-2042: phpmyadmin - phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers ... (2016)

Community (1)

Bugzilla: CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6) (2016-01-28)