CVE-2012-4219
Publication date 21 August 2012
Last updated 24 July 2024
Ubuntu priority
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Status
Package | Ubuntu Release | Status |
---|---|---|
phpmyadmin | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
Notes
jdstrand
per upstream: For the error messages to be displayed, php.ini’s error_reporting must be set to E_ALL and display_errors must be On (these settings are not recommended on a production server in the PHP manual). only 3.5.x is affected