Description

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

Remediation

References

CVE-2013-4998

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1595)

WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5)

WordPress Plugin Infusionsoft Gravity Forms Add-on Multiple Cross-Site Scripting Vulnerabilities (1.5.6)

Severity

Medium

Classification

CVE-2013-4998 CWE-200

Tags

Missing Update Known Vulnerabilities