Description

A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

Remediation

References

CVE-2016-6610

Related Vulnerabilities

Piwigo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-9464)

Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-0442)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-33110)

Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228)

Severity

Medium

Classification

CVE-2016-6610 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities