5

CVE-2012-4219

Exploit
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version3.5.0.0
PhpmyadminPhpmyadmin Version3.5.1.0
PhpmyadminPhpmyadmin Version3.5.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php
Vendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/0f0c2f1e2b3ece41cc1bb99a9931c8fcc7c917bc
Exploit
https://hermes.opensuse.org/messages/15513071