Showing 1 - 1 of 1

CVE-2012-1902

Status Candidate

Overview

show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

Related Files

Mandriva Linux Security Advisory 2012-050: Posted Apr 4, 2012; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2012-050 - Multiple vulnerabilities have been found and corrected in phpmyadmin. It was possible to conduct XSS using a crafted database name. The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.; tags | advisory, php, vulnerability; systems | linux, mandriva; advisories | CVE-2012-1190, CVE-2012-1902; SHA-256 | 93d942bfdbef2f771612c750a8616e56326709a757aee4d07b4eec4152b0e354; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 224 files
Ubuntu 102 files
Debian 21 files
Google Security Research 19 files
indoushka 18 files
Gentoo 14 files
Mirabbas Agalarov 12 files
Apple 9 files
CraCkEr 9 files
Ivan Fratric 8 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,783)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,633)
UNIX (9,237)
UnixWare (186)
Windows (6,555)
Other

CVE-2012-1902

Overview

Related Files

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems