PMASA-2006-8

Announcement-ID: PMASA-2006-8

Date: 2006-11-17

Summary

Path disclosure vulnerability

Description

We received a security advisory from laurent gaffié and we wish to thank him for his work. It was possible to disclose path by passing an array to several parameters.

Severity

We consider this vulnerability to be serious.

Affected Versions

Probably all versions to 2.9.1.

Solution

Upgrade to phpMyAdmin 2.9.1.1 or newer.

References

Assigned CVE IDs: CVE-2006-6374

CWE IDs: CWE-661 CWE-200

Patches

The following commits have been made to fix this issue:

416285c4930ed24504edf58774384db4ffec1f86

More information

For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.

Announcements

PMASA-2025-3 PMASA-2025-2 PMASA-2025-1

PMASA-2023-1

PMASA-2022-2 PMASA-2022-1

PMASA-2020-6 PMASA-2020-5 PMASA-2020-4 PMASA-2020-3 PMASA-2020-2 PMASA-2020-1

PMASA-2019-5 PMASA-2019-4 PMASA-2019-3 PMASA-2019-2 PMASA-2019-1

PMASA-2018-8 PMASA-2018-7 PMASA-2018-6 PMASA-2018-5 PMASA-2018-4 PMASA-2018-3 PMASA-2018-2 PMASA-2018-1

PMASA-2017-9 PMASA-2017-8 PMASA-2017-7 PMASA-2017-6 PMASA-2017-5 PMASA-2017-4 PMASA-2017-3 PMASA-2017-2 PMASA-2017-1

PMASA-2016-71 PMASA-2016-70 PMASA-2016-69 PMASA-2016-68 PMASA-2016-67 PMASA-2016-66 PMASA-2016-65 PMASA-2016-64 PMASA-2016-63 PMASA-2016-62 PMASA-2016-61 PMASA-2016-60 PMASA-2016-59 PMASA-2016-58 PMASA-2016-57 PMASA-2016-56 PMASA-2016-55 PMASA-2016-54 PMASA-2016-53 PMASA-2016-52 PMASA-2016-51 PMASA-2016-50 PMASA-2016-49 PMASA-2016-48 PMASA-2016-47 PMASA-2016-46 PMASA-2016-45 PMASA-2016-44 PMASA-2016-43 PMASA-2016-42 PMASA-2016-41 PMASA-2016-40 PMASA-2016-39 PMASA-2016-38 PMASA-2016-37 PMASA-2016-36 PMASA-2016-35 PMASA-2016-34 PMASA-2016-33 PMASA-2016-32 PMASA-2016-31 PMASA-2016-30 PMASA-2016-29 PMASA-2016-28 PMASA-2016-27 PMASA-2016-26 PMASA-2016-25 PMASA-2016-24 PMASA-2016-23 PMASA-2016-22 PMASA-2016-21 PMASA-2016-20 PMASA-2016-19 PMASA-2016-18 PMASA-2016-17 PMASA-2016-16 PMASA-2016-15 PMASA-2016-14 PMASA-2016-13 PMASA-2016-12 PMASA-2016-11 PMASA-2016-10 PMASA-2016-9 PMASA-2016-8 PMASA-2016-7 PMASA-2016-6 PMASA-2016-5 PMASA-2016-4 PMASA-2016-3 PMASA-2016-2 PMASA-2016-1

PMASA-2015-6 PMASA-2015-5 PMASA-2015-4 PMASA-2015-3 PMASA-2015-2 PMASA-2015-1

PMASA-2014-18 PMASA-2014-17 PMASA-2014-16 PMASA-2014-15 PMASA-2014-14 PMASA-2014-13 PMASA-2014-12 PMASA-2014-11 PMASA-2014-10 PMASA-2014-9 PMASA-2014-8 PMASA-2014-7 PMASA-2014-6 PMASA-2014-5 PMASA-2014-4 PMASA-2014-3 PMASA-2014-2 PMASA-2014-1

PMASA-2013-15 PMASA-2013-14 PMASA-2013-13 PMASA-2013-12 PMASA-2013-11 PMASA-2013-10 PMASA-2013-9 PMASA-2013-8 PMASA-2013-7 PMASA-2013-6 PMASA-2013-5 PMASA-2013-4 PMASA-2013-3 PMASA-2013-2 PMASA-2013-1

PMASA-2012-7 PMASA-2012-6 PMASA-2012-5 PMASA-2012-4 PMASA-2012-3 PMASA-2012-2 PMASA-2012-1

PMASA-2010-10 PMASA-2010-9 PMASA-2010-8 PMASA-2010-7 PMASA-2010-6 PMASA-2010-5 PMASA-2010-4 PMASA-2010-3 PMASA-2010-2 PMASA-2010-1

PMASA-2009-6 PMASA-2009-5 PMASA-2009-4 PMASA-2009-3 PMASA-2009-2 PMASA-2009-1

PMASA-2008-10 PMASA-2008-9 PMASA-2008-8 PMASA-2008-7 PMASA-2008-6 PMASA-2008-5 PMASA-2008-4 PMASA-2008-3 PMASA-2008-2 PMASA-2008-1

PMASA-2007-8 PMASA-2007-7 PMASA-2007-6 PMASA-2007-5 PMASA-2007-4 PMASA-2007-3 PMASA-2007-2 PMASA-2007-1

PMASA-2006-9 PMASA-2006-8 PMASA-2006-7 PMASA-2006-6 PMASA-2006-5 PMASA-2006-4 PMASA-2006-3 PMASA-2006-2 PMASA-2006-1

PMASA-2005-9 PMASA-2005-8 PMASA-2005-7 PMASA-2005-6 PMASA-2005-5 PMASA-2005-4 PMASA-2005-3 PMASA-2005-2 PMASA-2005-1

PMASA-2004-4 PMASA-2004-3 PMASA-2004-2 PMASA-2004-1

PMASA-2003-1

PMASA-2006-8

Summary

Description

Severity

Affected Versions

Solution

References

Patches

More information

Announcements

2025 3

2023 1

2022 2

2020 6

2019 5

2018 8

2017 9

2016 71

2015 6

2014 18

2013 15

2012 7

2011 20

2010 10

2009 6

2008 10

2007 8

2006 9

2005 9

2004 4

2003 1