CVE-2012-4219
Published: 21 August 2012
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Notes
| Author | Note |
|---|---|
| jdstrand | per upstream: For the error messages to be displayed, php.ini's error_reporting must be set to E_ALL and display_errors must be On (these settings are not recommended on a production server in the PHP manual). only 3.5.x is affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
phpmyadmin Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| upstream |
Released
(3.5.2.1)
|