CVE-2016-9855Sensitive Information Exposure in Phpmyadmin

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.7%
top 27.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedDec 11
Latest updateMay 17

Description

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affect

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.6.5.1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:4.6.5.1-1+3
NVDphpmyadmin/phpmyadmin33 versions+32

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-wcgr-wpcg-82c8: An issue was discovered in phpMyAdmin2022-05-17
OSV
CVE-2016-9855: An issue was discovered in phpMyAdmin2016-12-11

📋Vendor Advisories

1
Debian
CVE-2016-9855: phpmyadmin - An issue was discovered in phpMyAdmin. By calling some scripts that are part of ...2016