FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- information disclosure vulnerability

Affected packages
phpmyadmin < 2.6.1.2
phpMyAdmin < 2.6.1.2

Details

VuXML ID a7062952-9023-11d9-a22c-0001020eed82
Discovery 2005-02-22
Entry 2005-03-08

A phpMyAdmin security announcement reports:

By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed.

Mitigation factor: This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual.
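The mitigation above depends on the effective value of display_errors. The following audit helper is an added example, not part of the phpMyAdmin announcement or the VuXML entry; the function names and sample php.ini contents are constructed for illustration. It reports the value a php.ini file leaves in effect and treats any value it does not recognise as "off" as enabled.

```python
import re

# Values treated as "errors not displayed" (compared case-insensitively).
# Anything else is reported as enabled: a deliberately conservative audit choice.
OFF_VALUES = {"0", "off", "false", "no", "none", ""}

# PHP's built-in default when php.ini never sets the directive is "1" (enabled).
PHP_BUILTIN_DEFAULT = "1"

# Directive names in php.ini are case sensitive, so no IGNORECASE here.
DIRECTIVE = re.compile(r"^\s*display_errors\s*=\s*(.*)$")

def effective_display_errors(ini_text):
    """Return (value, line_no) for the last uncommented display_errors line.

    line_no is None when the file never sets the directive and the
    built-in default applies.
    """
    value, line_no = PHP_BUILTIN_DEFAULT, None
    for n, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.split(";", 1)[0]  # ';' starts a comment in php.ini
        m = DIRECTIVE.match(line)
        if m:
            value, line_no = m.group(1).strip().strip("\"'"), n
    return value, line_no

def discloses_errors(ini_text):
    """True when PHP would print error messages (and paths) to the client."""
    value, _ = effective_display_errors(ini_text)
    return value.lower() not in OFF_VALUES

# Constructed sample inputs, not taken from any real server.
SAMPLE_WEAK = """[PHP]
display_errors = Off
log_errors = On
display_errors = On ; re-enabled while debugging
"""
SAMPLE_HARDENED = """[PHP]
;display_errors = On
display_errors = Off
log_errors = On
"""
SAMPLE_UNSET = "[PHP]\nlog_errors = On\n"

if __name__ == "__main__":
    for name in ("SAMPLE_WEAK", "SAMPLE_HARDENED", "SAMPLE_UNSET"):
        print(name, effective_display_errors(globals()[name]),
              "DISCLOSES" if discloses_errors(globals()[name]) else "ok")
```

The check covers a single php.ini file only; per-directory settings and runtime ini_set() calls can still change the value, so confirm the result against the running server's configuration.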

References

CVE Name CVE-2005-0544
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-2