CVE-2005-0544

Name of the Vulnerable Software and Affected Versions phpMyAdmin version 2.6.1

Description The issue allows remote attackers to obtain the full path of the server. This is achieved through direct requests to various PHP files, which reveal the path in a PHP error message. The affected files include sqlvalidator.lib.php, sqlparser.lib.php, select theme.lib.php, select lang.lib.php, relation cleanup.lib.php, header meta style.inc.php, get foreign.lib.php, display tbl links.lib.php, display export.lib.php, db table exists.lib.php, charset conversion.lib.php, ufpdf.php, mysqli.dbi.lib.php, setup.php, and cookie.auth.lib.php.

Recommendations For phpMyAdmin version 2.6.1, consider restricting access to the mentioned PHP files to minimize the risk of exploitation. As a temporary workaround, avoid using direct requests to these files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.