PMASA-2016-15
Announcement-ID: PMASA-2016-15
Date: 2016-05-25
Updated: 2016-05-26
Summary
File Traversal Protection Bypass on Error Reporting
Description
A specially crafted payload could result in the error reporting component exposing whether an arbitrary file exists on the file system and the size of that file.
The attacker must be able to intercept and modify the user's POST data and must be able to trigger a JavaScript error to the user.
Updated to include CVE ID.
Severity
We consider this to be non-critical.
Mitigation factor
This attack can be mitigated in affected installations by setting `$cfg['Servers'][$i]['SendErrorReports'] = 'never';`. Upgrading to a more recent development commit is suggested.
Affected Versions
Git 'master' development branch. No released version was vulnerable.
Unaffected Versions
All released versions are not affected as they use precalculated data.
Solution
Upgrade to a more recent snapshot or release version.
References
This issue was found thanks to Mozilla SOS program.
Assigned CVE IDs: CVE-2016-5098
CWE IDs: CWE-661
Patches
The following commits have been made on the 4.6 branch to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.