phpmyadmin -- Full path disclosure vulnerability in SQL parser
The phpMyAdmin development team reports:
By calling a particular script that is part of phpMyAdmin
in an unexpected way, it is possible to trigger phpMyAdmin
to display a PHP error message which contains the full path
of the directory where phpMyAdmin is installed.
We consider this vulnerability to be non-critical.
This path disclosure is possible on servers where the
recommended setting of the PHP configuration directive
display_errors is set to on, which is against the
recommendations given in the PHP manual for a production
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright