The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 18.104.22.168) are affected. This CVE is for the json_decode issue.
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10
Base Score: 5.3
Impact Score: 1.4
Exploitability Score: 3.9
|143532||phpMyAdmin 4.0.x < 22.214.171.124 / 4.4.x < 126.96.36.199 / 4.6.x < 4.6.5 Multiple Vulnerabilities||Nessus||CGI abuses|
|96426||GLSA-201701-32 : phpMyAdmin: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|9856||phpMyAdmin 4.4.15.x < 188.8.131.52 / 4.6.x < 4.6.5 Multiple Information Disclosure||Nessus Network Monitor||CGI|