CVE-2013-4999

Description

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.

How to fix CVE-2013-4999

To remediate CVE-2013-4999, upgrade the affected package to a fixed version below.

• Debian/phpmyadmin—upgrade to 4:4.0.4.2-1 or later

Is CVE-2013-4999 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4:4.0.4.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-4999