phpmyadmin -- information disclosure vulnerability

2005-02-22T00:00:00
ID A7062952-9023-11D9-A22C-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-02-22T00:00:00

Description

A phpMyAdmin security announcement reports:

By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. Mitigation factor: This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual.