Information disclosure in phpmyadmin (Alpine package)

1) Information disclosure

EUVDB-ID: #VU33575

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-9854

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.

Mitigation

Install update from vendor's website.

Vulnerable software versions

phpmyadmin (Alpine package): 4.4.7-r0 - 4.4.15.8-r0

CPE2.3

• cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.7-r0:*:*:*:*:alpine_linux:*:3.1
• cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.15-r0:*:*:*:*:alpine_linux:*:3.1
• cpe:2.3:a:alpine:phpmyadmin_alpine_package:4.4.15.1-r0:*:*:*:*:alpine_linux:*:3.1

External links

https://git.alpinelinux.org/aports/commit/?id=3c5da8c4643bf2ec21c87b1c68b3ad2c149fc3b9
https://git.alpinelinux.org/aports/commit/?id=b36b3560d17cde1b9b07e17906ea6b7612b04cce
https://git.alpinelinux.org/aports/commit/?id=a35fc5fa306c1b74cf13f5f8a6624b47b0409a82

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.