Lucene search

MitreCVE-2012-1902

HistoryApr 06, 2012 - 7:55 p.m.

CVE-2012-1902

2012-04-0619:55:01

CWE-200

mitre

web.nvd.nist.gov

cve-2012-1902

phpmyadmin

configuration file

sensitive information disclosure

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch3.4.0.0

phpmyadminphpmyadminMatch3.4.1.0

phpmyadminphpmyadminMatch3.4.2.0

phpmyadminphpmyadminMatch3.4.3.0

phpmyadminphpmyadminMatch3.4.3.1

phpmyadminphpmyadminMatch3.4.3.2

phpmyadminphpmyadminMatch3.4.4.0

phpmyadminphpmyadminMatch3.4.5.0

phpmyadminphpmyadminMatch3.4.6.0

phpmyadminphpmyadminMatch3.4.7.0

phpmyadminphpmyadminMatch3.4.7.1

phpmyadminphpmyadminMatch3.4.8.0

phpmyadminphpmyadminMatch3.4.9.0

phpmyadminphpmyadminMatch3.4.10.0

phpmyadminphpmyadminMatch3.4.10.1

VendorProductVersionCPE
phpmyadminphpmyadmin3.4.0.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.1.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.2.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.3.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.3.1cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.3.2cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.4.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.5.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.6.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:*:*:*:*:*:*:*
phpmyadminphpmyadmin3.4.7.0cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	3.4.0.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:::::::*
phpmyadmin	phpmyadmin	3.4.1.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:::::::*
phpmyadmin	phpmyadmin	3.4.2.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:::::::*
phpmyadmin	phpmyadmin	3.4.3.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:::::::*
phpmyadmin	phpmyadmin	3.4.3.1	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:::::::*
phpmyadmin	phpmyadmin	3.4.3.2	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:::::::*
phpmyadmin	phpmyadmin	3.4.4.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:::::::*
phpmyadmin	phpmyadmin	3.4.5.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:::::::*
phpmyadmin	phpmyadmin	3.4.6.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:::::::*
phpmyadmin	phpmyadmin	3.4.7.0	cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:::::::*