FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- path disclosure vulnerability

Affected packages
4.5.0 <= phpMyAdmin <


VuXML ID 88f75070-abcf-11e5-83d3-6805ca0b3d42
Discovery 2015-12-25
Entry 2015-12-26

The phpMyAdmin development team reports:

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed.

We consider these vulnerabilities to be non-critical.

This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual for a production server.


CVE Name CVE-2015-8669