ID OSVDB:8470 Type osvdb Reporter Lorenzo Hernandez Garcia(novappc@novappc.com) Modified 2003-06-18T00:00:00
Description
Vulnerability Description
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the "db_datadict.php" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.
Solution Description
Upgrade to version 2.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the "db_datadict.php" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.
References:
Nessus Plugin ID:11761
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0019.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0129.html
Bugtraq ID: 7963
{"type": "osvdb", "published": "2003-06-18T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:8470", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "edition": 1, "reporter": "Lorenzo Hernandez Garcia(novappc@novappc.com)", "title": "phpMyAdmin db_datadict.php Path Disclosure", "affectedSoftware": [{"operator": "eq", "version": "2.5.0", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.3.x", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.0.x", "name": "phpMyAdmin"}, {"operator": "eq", "version": "1.x.x", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.4.x", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.1.x", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.5.1", "name": "phpMyAdmin"}, {"operator": "eq", "version": "2.2.x", "name": "phpMyAdmin"}], "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-04-28T13:20:03", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:03", "rev": 2}, "vulnersScore": -0.1}, "references": [], "id": "OSVDB:8470", "lastseen": "2017-04-28T13:20:03", "cvelist": [], "modified": "2003-06-18T00:00:00", "description": "## Vulnerability Description\nphpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when an attacker requests the \"db_datadict.php\" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 2.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nphpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. \u00a0The issue is triggered when an attacker requests the \"db_datadict.php\" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.\n## References:\n[Nessus Plugin ID:11761](https://vulners.com/search?query=pluginID:11761)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0019.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0129.html\nBugtraq ID: 7963\n"}
