Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-2038

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Published

2016-02-20T01:59:01.157

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.0	Yes
Application	phpmyadmin	phpmyadmin	4.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.10	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.1	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.2	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.3	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.4	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.5	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.6	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.7	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.8	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.9	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.10	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.11	Yes
Application	phpmyadmin	phpmyadmin	4.0.10.12	Yes
Application	phpmyadmin	phpmyadmin	4.4.0	Yes
Application	phpmyadmin	phpmyadmin	4.4.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.1.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.3	Yes
Application	phpmyadmin	phpmyadmin	4.4.4	Yes
Application	phpmyadmin	phpmyadmin	4.4.5	Yes
Application	phpmyadmin	phpmyadmin	4.4.6	Yes
Application	phpmyadmin	phpmyadmin	4.4.6.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.7	Yes
Application	phpmyadmin	phpmyadmin	4.4.8	Yes
Application	phpmyadmin	phpmyadmin	4.4.9	Yes
Application	phpmyadmin	phpmyadmin	4.4.10	Yes
Application	phpmyadmin	phpmyadmin	4.4.11	Yes
Application	phpmyadmin	phpmyadmin	4.4.12	Yes
Application	phpmyadmin	phpmyadmin	4.4.13	Yes
Application	phpmyadmin	phpmyadmin	4.4.13.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.14.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.1	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.2	Yes
Application	phpmyadmin	phpmyadmin	4.4.15.3	Yes
Application	phpmyadmin	phpmyadmin	4.5.0	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.0.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.1	Yes
Application	phpmyadmin	phpmyadmin	4.5.2	Yes
Application	phpmyadmin	phpmyadmin	4.5.3	Yes
Operating System	fedoraproject	fedora	22	Yes
Operating System	fedoraproject	fedora	23	Yes
Operating System	opensuse	leap	42.1	Yes
Operating System	opensuse	opensuse	13.1	Yes
Operating System	opensuse	opensuse	13.2	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html Third Party Advisory ([email protected])
http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php Patch, Vendor Advisory ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1 Patch ([email protected])
https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048 Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.php Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820a19f8c93 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c0435d64d81 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd796191073b Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aaedc9048 Patch (af854a3a-2127-422b-91ae-364da2661108)