Information disclosure in phpmyadmin (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6610 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
phpmyadmin (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU33609
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-6610
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
MitigationInstall update from vendor's website.
Vulnerable software versionsphpmyadmin (Alpine package): 4.0.4.1-r0 - 4.4.15.7-r0
CPE2.3- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.4.1-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.4.2-r0:*:*:*:*:alpine_linux:*:2.6
- cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.0.9-r0:*:*:*:*:alpine_linux:*:2.6
https://git.alpinelinux.org/aports/commit/?id=abae6704b5ad5fa0ac123378e37f2b81d2585ff0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
