Published: 03/10/2006 Updated: 05/09/2008

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

phpMyAdmin prior to 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via direct requests for certain files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 2.8.0.1
phpmyadmin phpmyadmin 2.8.0.2
phpmyadmin phpmyadmin 2.8.0.3
phpmyadmin phpmyadmin 2.8.1_dev
phpmyadmin phpmyadmin 2.8.4
phpmyadmin phpmyadmin 2.9.0_dev
phpmyadmin phpmyadmin 2.8.1
phpmyadmin phpmyadmin 2.8.3

Debian Bug report logs - #391090 phpmyadmin: security issue PMASA-2006-5 Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Laurent Bonnaud <LaurentBonnaud@inpgfr> Date: Wed, 4 Oct 2006 20:33:02 UTC Sever ...

Debian Bug report logs - #377748 phpmyadmin: CVE-2006-3388: cross-site scripting Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Alec Berryman <alec@thenednet> Date: Tue, 11 Jul 2006 01:33:05 UTC Severit ...

NVD-CWE-Other http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.9.1-rc1.tar.gz?download http://www.securityfocus.com/bid/20253 http://secunia.com/advisories/22126 http://lists.suse.com/archive/suse-security-announce/2006-Nov/0010.html http://secunia.com/advisories/23086 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391090

CVE-2006-5117

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect