phpMyAdmin db_search.php Path Disclosure

2003-06-18T00:00:00
ID OSVDB:8477
Type osvdb
Reporter Lorenzo Hernandez Garcia(novappc@novappc.com)
Modified 2003-06-18T00:00:00

Description

Vulnerability Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker requests the "db_search.php" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.

Solution Description

Upgrade to version 2.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker requests the "db_search.php" script without any arguments, which will disclose the web server path resulting in a loss of confidentiality.

References:

Nessus Plugin ID:11761 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-07/0019.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0129.html Bugtraq ID: 7963