CVE-2012-4219
Published: 21 August 2012
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Notes
Author | Note |
---|---|
jdstrand | per upstream: For the error messages to be displayed, php.ini's error_reporting must be set to E_ALL and display_errors must be On (these settings are not recommended on a production server in the PHP manual). only 3.5.x is affected |
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
upstream |
Released
(3.5.2.1)
|