CVE-2016-9853— phpMyAdmin 路径遍历漏洞

N/A

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.

N/A

N/A

phpMyAdmin 路径遍历漏洞

phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库，创建、删除、修改数据库表，执行SQL脚本命令等。 phpMyAdmin中存在路径遍历漏洞，该漏洞源于显示的错误信息中含有完整的目录路径。攻击者可利用该漏洞向导出文件中写入恶意信息。以下版本受到影响：phpMyAdmin 4.6.5之前的4.6.x版本，4.4.15.9之前的4.4.x版本，4.0.10.18之前的4.0.x版本。

N/A

N/A