CVE-2012-1902

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Information Leak / Disclosure
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 06/04/12 - Updated on 18/01/18

Description

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2012-1902
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2012-AVI-201
Renater 2012/VULN162

Exploits

SecurityFocusBID-52858

Relative technologies

VendorProduct
phpmyadminphpmyadmin

Share this vulnerability with:

Twitter Facebook LinkedIn Mail