Description

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

Remediation

References

CVE-2008-1567

Related Vulnerabilities

WordPress Plugin RSVPMaker SQL Injection (7.8.1)

WordPress Plugin Backend Localization Multiple Cross-Site Scripting Vulnerabilities (1.6.1)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7881)

MySQL CVE-2017-3453 Vulnerability (CVE-2017-3453)

WordPress Plugin Multicons [Multiple Favicons] Cross-Site Scripting (2.1)

Severity

Medium

Classification

CVE-2008-1567 CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities