CVE-2006-5117

2006-10-0304:03:00

[email protected]

web.nvd.nist.gov

cve-2006-5117

phpmyadmin

access control

web security

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.014

Percentile

86.2%

JSON

phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

Affected configurations

NVD

Node

phpmyadminphpmyadminMatch2.8.0.1

phpmyadminphpmyadminMatch2.8.0.2

phpmyadminphpmyadminMatch2.8.0.3

phpmyadminphpmyadminMatch2.8.1

phpmyadminphpmyadminMatch2.8.1_dev

phpmyadminphpmyadminMatch2.8.3

phpmyadminphpmyadminMatch2.8.4

phpmyadminphpmyadminMatch2.9.0_dev

VendorProductVersionCPE
phpmyadminphpmyadmin2.9.0+devcpe:/a:phpmyadmin:phpmyadmin:2.9.0+dev:::
phpmyadminphpmyadmin2.8.3cpe:/a:phpmyadmin:phpmyadmin:2.8.3:::
phpmyadminphpmyadmin2.8.1+devcpe:/a:phpmyadmin:phpmyadmin:2.8.1+dev:::
phpmyadminphpmyadmin2.8.4cpe:/a:phpmyadmin:phpmyadmin:2.8.4:::
phpmyadminphpmyadmin2.8.0.1cpe:/a:phpmyadmin:phpmyadmin:2.8.0.1:::
phpmyadminphpmyadmin2.8.0.2cpe:/a:phpmyadmin:phpmyadmin:2.8.0.2:::
phpmyadminphpmyadmin2.8.0.3cpe:/a:phpmyadmin:phpmyadmin:2.8.0.3:::
phpmyadminphpmyadmin2.8.1cpe:/a:phpmyadmin:phpmyadmin:2.8.1:::

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.9.0+dev	cpe:/a:phpmyadmin:phpmyadmin:2.9.0+dev:::
phpmyadmin	phpmyadmin	2.8.3	cpe:/a:phpmyadmin:phpmyadmin:2.8.3:::
phpmyadmin	phpmyadmin	2.8.1+dev	cpe:/a:phpmyadmin:phpmyadmin:2.8.1+dev:::
phpmyadmin	phpmyadmin	2.8.4	cpe:/a:phpmyadmin:phpmyadmin:2.8.4:::
phpmyadmin	phpmyadmin	2.8.0.1	cpe:/a:phpmyadmin:phpmyadmin:2.8.0.1:::
phpmyadmin	phpmyadmin	2.8.0.2	cpe:/a:phpmyadmin:phpmyadmin:2.8.0.2:::
phpmyadmin	phpmyadmin	2.8.0.3	cpe:/a:phpmyadmin:phpmyadmin:2.8.0.3:::
phpmyadmin	phpmyadmin	2.8.1	cpe:/a:phpmyadmin:phpmyadmin:2.8.1:::