Description
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.
Remediation
References
Related Vulnerabilities
XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973)
Oracle JRE CVE-2018-2794 Vulnerability (CVE-2018-2794)
WordPress Plugin WP STAGING WordPress Backup-Migration Backup Restore Cross-Site Scripting (2.9.17)
Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2024-45808)