Detections
Analytics
phpMyAdmin 4.0.0 < 4.0.10.12 / 4.4.0 < 4.4.15.2 / 4.5.0 < 4.5.3.1 Information Disclosure (PMASA-2015-6)
medium Nessus Plugin ID 144641
Language:
Synopsis
The remote web server hosts a PHP application that is affected by an information disclosure vulnerability.Description
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.12, 4.4.x prior to 4.4.15.2, or 4.5.x prior to 4.5.3.1. It is, therefore, affected by an information disclosure vulnerability:- libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. (CVE-2015-8669)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to phpMyAdmin version 4.0.10.12 / 4.4.15.2 / 4.5.3.1 or later.See Also
Plugin Details
Severity: Medium
ID: 144641
File Name: phpmyadmin_pmasa_2015_6.nasl
Version: 1.5
Type: remote
Family: CGI abuses
Published: 12/30/2020
Updated: 6/4/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2015-8669
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:phpmyadmin:phpmyadmin
Required KB Items: www/PHP, Settings/ParanoidReport, installed_sw/phpMyAdmin
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 12/25/2015
Vulnerability Publication Date: 12/25/2015
Reference Information
CVE: CVE-2015-8669
BID: 79691