Description
show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1460)
WordPress Plugin Htaccess by BestWebSoft Cross-Site Scripting (1.4)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)
WordPress Plugin UserPro-Community and User Profile Multiple Vulnerabilities (5.1.1)