Candidate: CVE-2016-5730
PublicDate: 2016-07-03 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5730
 https://www.phpmyadmin.net/security/PMASA-2016-23/
Description:
 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before
 4.6.3 allows remote attackers to obtain sensitive information via vectors
 involving (1) an array value to FormDisplay.php, (2) incorrect data to
 validate.php, (3) unexpected data to Validator.php, (4) a missing config
 directory during setup, or (5) an incorrect OpenID identifier data type,
 which reveals the full path in an error message.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Emanuel Bronshtein
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]

Patches_phpmyadmin:
upstream_phpmyadmin: released (4:4.6.3-1)
precise_phpmyadmin: ignored (reached end-of-life)
precise/esm_phpmyadmin: DNE (precise was needed)
trusty_phpmyadmin: ignored (out of standard support)
trusty/esm_phpmyadmin: needed
vivid/stable-phone-overlay_phpmyadmin: DNE
vivid/ubuntu-core_phpmyadmin: DNE
wily_phpmyadmin: ignored (reached end-of-life)
xenial_phpmyadmin: ignored (end of standard support, was needed)
yakkety_phpmyadmin: not-affected (4:4.6.3-1)
zesty_phpmyadmin: not-affected (4:4.6.3-1)
artful_phpmyadmin: not-affected (4:4.6.3-1)
bionic_phpmyadmin: not-affected (4:4.6.3-1)
cosmic_phpmyadmin: not-affected (4:4.6.3-1)
disco_phpmyadmin: not-affected (4:4.6.3-1)
eoan_phpmyadmin: DNE
focal_phpmyadmin: not-affected (4:4.6.3-1)
groovy_phpmyadmin: not-affected (4:4.6.3-1)
hirsute_phpmyadmin: not-affected (4:4.6.3-1)
impish_phpmyadmin: not-affected (4:4.6.3-1)
jammy_phpmyadmin: not-affected (4:4.6.3-1)
devel_phpmyadmin: not-affected (4:4.6.3-1)