PhpMyAdmin full path leakage Vulnerability (CVE-2016-5730)

PhpMyAdmin full path leakage Vulnerability (CVE-2016-5730)
PhpMyAdmin full path leakage Vulnerability (CVE-2016-5730)

Release date:
Updated on:

Affected Systems:

phpMyAdmin phpMyAdmin 4.6.x
phpMyAdmin phpMyAdmin 4.4.x
phpMyAdmin phpMyAdmin 4.0.x

Description:

CVE (CAN) ID: CVE-2016-5730

Phpmyadmin is an online management tool for MySQL databases.

Phpmyadmin 4.4.x, 4.6.x, and 4.0.x versions have information leakage vulnerabilities in./setup/,./examples/. Attackers can use the constructed script to trigger PHP error information and obtain complete path information.

<* Source: Emanuel Bronshtein
*>

Suggestion:

Vendor patch:

PhpMyAdmin
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Https://www.phpmyadmin.net/security/PMASA-2016-19/
Https://www.phpmyadmin.net/security/PMASA-2016-20/
Https://www.phpmyadmin.net/security/PMASA-2016-21/
Https://www.phpmyadmin.net/security/PMASA-2016-22/
Https://www.phpmyadmin.net/security/PMASA-2016-23/
Https://www.phpmyadmin.net/security/PMASA-2016-24/
Https://www.phpmyadmin.net/security/PMASA-2016-25/
Https://www.phpmyadmin.net/security/PMASA-2016-26/
Https://www.phpmyadmin.net/security/PMASA-2016-27/
Https://www.phpmyadmin.net/security/PMASA-2016-28/

Example of LAMP architecture collaborative application-phpMyAdmin

PhpMyAdmin and Wordpress for LAMP applications

PhpMyAdmin logon timeout Solution

Install phpMyAdmin and Adminer in Ubuntu

Implement SSL functions based on LAMP and install phpMyAdmin

Configure the LAMP + phpMyAdmin PHP (5.5.9) development environment in Ubuntu 14.04

PhpMyAdmin details: click here
PhpMyAdmin: click here

This article permanently updates the link address: