Description
phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.
Remediation
References
Related Vulnerabilities
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)
SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)
WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5)