Vigil@nce - WordPress Portable-phpmyadmin: information disclosure
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can directly access to PHP scripts of WordPress
Portable-phpmyadmin, in order to obtain sensitive information.
Impacted products: WordPress Plugins
Severity: 2/4
Creation date: 22/10/2013
DESCRIPTION OF THE VULNERABILITY
The Portable-phpmyadmin plugin is used to administer a database.
However, an authentication is not required to access to some
scripts.
An attacker can therefore directly access to PHP scripts of
WordPress Portable-phpmyadmin, in order to obtain sensitive
information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Portable-phpmyadmin-information-disclosure-13629