CVE-2016-2038 — MEDIUM (5.3)

Vulnerability Description

phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpmyadmin	Phpmyadmin	4.0.0
Fedoraproject	Fedora	22
Opensuse	Leap	42.1
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-200

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlThird Party Advisory
http://www.phpmyadmin.net/home_page/security/PMASA-2016-1.phpPatchVendor Advisory
https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31d820Patch
https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d58c04Patch
https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6dcd79Patch
https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb468662837Patch
https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2cf59Patch
https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f59f8aPatch
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.htmlThird Party Advisory

FAQ

What is CVE-2016-2038?

CVE-2016-2038 is a vulnerability with a CVSS score of 5.3 (MEDIUM). phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error ...

How severe is CVE-2016-2038?

CVE-2016-2038 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2038?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin, Fedoraproject Fedora, Opensuse Leap, Opensuse Opensuse.