Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-1902

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

Related bugs and status

CVE-2012-1902 (Candidate) is related to these bugs:

Bug #1441568: CVE 2012-1902: Path disclosure due to missing verification of file presence.

Summary				In	Importance	Status
	1441568	CVE 2012-1902: Path disclosure due to missing verification of file presence.		phpmyadmin (Ubuntu)	Undecided	Expired

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.phpmyadmin....
CONFIRM: https://github.com/php...
FEDORA: FEDORA-2012-5599
XF: phpmyadmin-showconfige...
FEDORA: FEDORA-2012-5624
FEDORA: FEDORA-2012-5631
BID: 52858
MANDRIVA: MDVSA-2012:050