The vulnerability should be remotely exploitable without authentication and user interaction. Yes
The detector should provide a reliable false-positive free detection report. Yes
The vulnerability should have a relatively large impact radius. Yes, phpMyAdmin
Please let me know if this is in scope as I've already made the development.
Hi @pussycat0x, a detector for this vulnerability has already been implemented internally and Google plans to release it to the public shortly. Thus, this request is not in scope for the reward program.
Vulnerability details:
Type: Unauthenticated PHPMyAdmin leads to exposure of sensitive information
Score: High
References: