Vigil@nce - phpMyAdmin: information disclosure via Error Message
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read an error message of phpMyAdmin, in order to
obtain sensitive information.
Impacted products: Fedora, openSUSE, openSUSE Leap, phpMyAdmin.
Severity: 1/4.
Creation date: 28/12/2015.
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin product offers a web service.
However, an attacker can directly call some PHP scripts, to
generate an error message containing the installation path.
An attacker can therefore read an error message of phpMyAdmin, in
order to obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-information-disclosure-via-Error-Message-18590