Launchpad.net

CVE 2010-4481

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

Related bugs and status

CVE-2010-4481 (Candidate) is related to these bugs:

Bug #696857: Fix CVE-2010-4480 and CVE-2010-4481

		In	Importance	Status
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Maverick)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Natty)	Low	Fix Released
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Karmic)	Undecided	Won't Fix
696857	Fix CVE-2010-4480 and CVE-2010-4481	phpmyadmin (Ubuntu Lucid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://phpmyadmin.git....
CONFIRM: http://www.phpmyadmin....
SECUNIA: 42485
VUPEN: ADV-2010-3238
DEBIAN: DSA-2139
MANDRIVA: MDVSA-2011:000
SECUNIA: 42725
VUPEN: ADV-2011-0001
VUPEN: ADV-2011-0027