phpmyadmin -- Multiple full path disclosure vulnerabilities
The phpMyAdmin development team reports:
By calling some scripts that are part of phpMyAdmin in an
unexpected way, it is possible to trigger phpMyAdmin to
display a PHP error message which contains the full path of
the directory where phpMyAdmin is installed.
We consider these vulnerabilities to be non-critical.
This path disclosure is possible on servers where the
recommended setting of the PHP configuration directive
display_errors is set to on, which is against the
recommendations given in the PHP manual for a production
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright