phpmyadmin -- Multiple full path disclosure vulnerabilities

2016-01-28T00:00:00
ID 5D6A204F-C60B-11E5-BF36-6805CA0B3D42
Type freebsd
Reporter FreeBSD
Modified 2016-01-28T00:00:00

Description

The phpMyAdmin development team reports:

By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to be non-critical. This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual for a production server.
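A defender-side check for the condition described above, as an added example that is not part of the advisory or of phpMyAdmin's code: it reads the effective `display_errors` value from php.ini text and scans a response body for PHP error lines that reveal an absolute install directory. The function names, the php.ini text and the response body are constructed for illustration.

```python
import re

# Values PHP's ini parser reads as "off"; anything else is treated as enabled
# here (a conservative choice for an audit, and an assumption of this example).
_OFF = {"0", "off", "false", "no", "none", ""}

def display_errors_enabled(ini_text):
    """Effective display_errors from php.ini text: True, False, or None if unset.
    A later assignment overrides an earlier one; ';' starts a comment.
    When unset, PHP's built-in default is on, so treat None as a finding."""
    effective = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"display_errors\s*=\s*(.*)$", line, re.I)
        if m:
            effective = m.group(1).strip().strip("\"'").lower() not in _OFF
    return effective

# PHP error line, plain or with html_errors markup, e.g.
# "<b>Warning</b>:  msg in <b>/path/file.php</b> on line <b>12</b>"
_ERR = re.compile(
    r"(?:<b>)?(?:Warning|Notice|Fatal error|Parse error|Deprecated)(?:</b>)?:\s+"
    r".*?\s+in\s+(?:<b>)?((?:/|[A-Za-z]:\\)[^<\s]+\.php)(?:</b>)?"
    r"\s+on line\s+(?:<b>)?\d+"
)

def leaked_dirs(body):
    """Sorted unique absolute directories exposed by PHP error output in body."""
    dirs = set()
    for m in _ERR.finditer(body):
        path = m.group(1)
        sep = "\\" if "\\" in path else "/"
        dirs.add(path.rsplit(sep, 1)[0])
    return sorted(dirs)

# Constructed samples (not taken from any real server).
WEAK_INI = "[PHP]\ndisplay_errors = On ; constructed sample\n"
HARDENED_INI = "[PHP]\ndisplay_errors = On\n; production override\ndisplay_errors = Off\nlog_errors = On\n"
SAMPLE_BODY = (
    "<br />\n<b>Warning</b>:  include(missing.php): failed to open stream in "
    "<b>/srv/www/example-app/lib/example.php</b> on line <b>9</b><br />\n"
    "Notice: Undefined index: db in /srv/www/example-app/index.php on line 42\n"
)

if __name__ == "__main__":
    print(display_errors_enabled(WEAK_INI), display_errors_enabled(HARDENED_INI))
    print(leaked_dirs(SAMPLE_BODY))
```

Run `leaked_dirs` over responses from your own deployment's scripts after setting `display_errors` to off; an empty result together with `display_errors_enabled` returning False indicates the disclosure path is closed.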