CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
71.9%
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote
attackers to obtain sensitive information via a direct request, which
reveals the installation path in an error message, related to lack of
inclusion of the common.inc.php library file.
Author | Note |
---|---|
jdstrand | per upstream: For the error messages to be displayed, php.iniâs error_reporting must be set to E_ALL and display_errors must be On (these settings are not recommended on a production server in the PHP manual). only 3.5.x is affected |