5.3

CVE-2016-2044

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version22
FedoraprojectFedora Version23
PhpmyadminPhpmyadmin Version4.5.0
PhpmyadminPhpmyadmin Version4.5.0.1
PhpmyadminPhpmyadmin Version4.5.0.2
PhpmyadminPhpmyadmin Version4.5.1
PhpmyadminPhpmyadmin Version4.5.2
PhpmyadminPhpmyadmin Version4.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.785
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
Third Party Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2016-8.php
Patch
Vendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/c57d3cc7b97b5f32801032f7bb222297aa97dfea
Patch