Info

Disclosure

Jun 18, 2003

Discovery

Unknown

Dates

Exploit

Jun 18, 2003

Solution

Unknown

Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the "pdf_pages.php" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 2.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

phpMyAdmin Devel Team	phpMyAdmin	2.5.1
		2.5.0
		2.4.x
		2.3.x
		2.2.x
		2.1.x
		2.0.x
		1.x.x

References

Bugtraq ID: 7963
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0129.html
http://archives.neohapsis.com/archives/bugtraq/2003-07/0019.html

Credit

Lorenzo Hernandez Garcia - novappcnovappc.com - Nova Projects Professional Coding

Direct URL: http://osvdb.org/8465

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

phpMyAdmin Devel Team

phpMyAdmin

References

Credit