FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1902

This CVE name corresponds to:

Entered Topic
2012-03-28 phpMyAdmin -- Path disclosure due to missing verification of file presence

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-1902
Phase Assigned(20120326)

Description

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

References

Source Reference
CONFIRM http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
CONFIRM https://github.com/phpmyadmin/phpmyadmin/commit/c51817d3b8cb05ff54dca9373c0667e29b8498d4
FEDORA FEDORA-2012-5599
XF phpmyadmin-showconfigerrors-path-disclosure(74608)