FreeBSD : phpmyadmin -- information disclosure vulnerability (a7062952-9023-11d9-a22c-0001020eed82)
Medium Nessus Plugin ID 19064
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionA phpMyAdmin security announcement reports :
By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed.
Mitigation factor: This path disclosure is possible on servers where the recommended setting of the PHP configuration directive display_errors is set to on, which is against the recommendations given in the PHP manual.
SolutionUpdate the affected packages.