
Possible information disclosure.

Description

## PMASA-2010-10

**Announcement-ID:** PMASA-2010-10

**Date:** 2010-12-07

**Updated:** 2010-02-16

### Summary

Possible information disclosure.

### Description

An unauthenticated user was able to display phpinfo output if phpMyAdmin was enabled to show it.

### Severity

The issue is considered minor, because this feature is not enabled in the default installation.

### Mitigation factor

The default installation is not affected, because `$cfg['ShowPhpInfo']` is false by default.

### Affected Versions

All versions prior to 3.4.0-beta1.

### Solution

Upgrade to phpMyAdmin 3.4.0-beta1 or newer, or apply the patch listed below. Due to its minor impact, a fix will be included in the next regular release, which is 3.3.10.

### References

This issue was reported by [Jörg Sommer](<mailto:joerg@alea.gnuu.de>).

Assigned CVE ids: [CVE-2010-4481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4481>)

CWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)

### Patches

The following commits have been made to fix this issue:

* [4d9fd005671b05c4d74615d5939ed45e4d019e4c](<https://github.com/phpmyadmin/phpmyadmin/commit/4d9fd005671b05c4d74615d5939ed45e4d019e4c>)

The following commits have been made on the 2.11 branch to fix this issue:

* [373a6626ade37c0fee1dfc7c757ca55c7652874b](<https://github.com/phpmyadmin/phpmyadmin/commit/373a6626ade37c0fee1dfc7c757ca55c7652874b>)

The following commits have been made on the 3.3 branch to fix this issue:

* [8928900532d111e849362b6359571a3b079eb9ea](<https://github.com/phpmyadmin/phpmyadmin/commit/8928900532d111e849362b6359571a3b079eb9ea>)

### More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is [phpmyadmin.net](<https://www.phpmyadmin.net/>).
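Whether an installation is covered by the mitigation factor depends on the effective value of `$cfg['ShowPhpInfo']` in its `config.inc.php`. The following Python audit is an added example, not part of the advisory or of phpMyAdmin: the function names and the sample configuration are constructed, and it assumes the last literal assignment in the file is the effective one.

```python
import re

# $cfg['ShowPhpInfo'] = <value>;  (either quote style)
ASSIGN = re.compile(r"""\$cfg\s*\[\s*(['"])ShowPhpInfo\1\s*\]\s*=\s*([^;]+);""")
# Quoted strings are captured and kept; /* */, // and # comments are dropped.
STRING_OR_COMMENT = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.S)

def strip_php_comments(src):
    """Remove PHP comments without touching comment markers inside strings."""
    return STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", src)

def php_literal_truthy(value):
    """True/False for a PHP literal, None if it is an expression."""
    v = value.strip()
    if len(v) >= 2 and v[0] in "'\"" and v[-1] == v[0]:
        return v[1:-1] not in ("", "0")
    low = v.lower()
    if low == "true":
        return True
    if low in ("false", "null"):
        return False
    try:
        return float(low) != 0
    except ValueError:
        return None  # cannot be decided statically

def audit_show_phpinfo(config_text):
    """Return (enabled, detail) for the effective ShowPhpInfo setting."""
    cleaned = strip_php_comments(config_text)
    values = [m.group(2).strip() for m in ASSIGN.finditer(cleaned)]
    if not values:
        return False, "not set; default is false"
    enabled = php_literal_truthy(values[-1])
    if enabled is None:
        return None, "non-literal value, review manually: " + values[-1]
    return enabled, "last assignment: " + values[-1]

# Constructed sample configuration (not taken from a real installation).
SAMPLE = """<?php
// $cfg['ShowPhpInfo'] = true;   (commented out, must be ignored)
$cfg['blowfish_secret'] = 'a; # not a comment';
$cfg['ShowPhpInfo'] = false;
$cfg["ShowPhpInfo"] = TRUE; /* later assignment wins */
"""

if __name__ == "__main__":
    print(audit_show_phpinfo(SAMPLE))
```

An installation that reports `True` and runs a version listed under Affected Versions is the case the advisory describes; setting the option back to false or upgrading removes the exposure.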


Affected Software


| CPE Name | Name | Version |
| --- | --- | --- |
| | phpmyadmin | 3.4.0-beta1. |
