Main Vulnerability Database Vulnerabilities #VU32644

Information disclosure in phpMyAdmin - CVE-2013-5000

Published: July 31, 2013 / Updated: July 28, 2020

Vulnerability identifier: #VU32644

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-5000

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: phpMyAdmin

Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

How to mitigate CVE-2013-5000

Install update from vendor's website.

Sources

http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php

Information disclosure in phpMyAdmin - CVE-2013-5000

Detailed vulnerability description

How to mitigate CVE-2013-5000

Sources

Please verify you're human