Information disclosure in phpMyAdmin - CVE-2016-9848

 

Published: December 11, 2016 / Updated: August 4, 2020


Vulnerability identifier: #VU33347
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-9848
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: phpMyAdmin
Affected software:
phpMyAdmin

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to gain access to sensitive information.

An issue was discovered in phpMyAdmin. The phpinfo page (phpinfo.php) shows PHP information, including the values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.


How to mitigate CVE-2016-9848

Install the update from the vendor's website.
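To find which installations need the update, the affected version ranges given in the description can be checked mechanically. The following Python sketch is an added example, not code from phpMyAdmin or from this advisory; the function names, the sample hostnames and the conservative handling of suffixed builds are assumptions.

```python
import re

# Fixed release per affected branch, as stated in the advisory text.
FIXED = {
    (4, 6): (4, 6, 5),
    (4, 4): (4, 4, 15, 9),
    (4, 0): (4, 0, 10, 18),
}

def parse_version(text):
    """Return (numeric tuple, has_suffix) or None if no version is found."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)(\S*)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))

def status(version_text):
    """Classify a version as affected, fixed, not-listed or unparsable."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparsable"
    version, has_suffix = parsed
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch is not named in the advisory: make no claim either way.
        return "not-listed"
    width = max(len(version), len(fixed))
    v = version + (0,) * (width - len(version))
    f = fixed + (0,) * (width - len(fixed))
    # Assumption: a suffixed build of the fixed number (e.g. "-rc1")
    # predates the final release, so it is treated as affected.
    if v < f or (v == f and has_suffix):
        return "affected"
    return "fixed"

def audit(inventory):
    """Map each host to the status of its phpMyAdmin version."""
    return {host: status(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "db-admin-01.example": "4.6.4",
    "db-admin-02.example": "4.4.15.9",
    "legacy.example": "4.0.10.17",
    "lab.example": "4.5.2",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

A result of `not-listed` means only that the advisory does not name that branch, so those hosts still need to be checked against the vendor's own announcement.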
