Description

libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Remediation

References

CVE-2016-2044

Related Vulnerabilities

OpenSSL Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2008-0166)

WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)

WordPress Plugin Fuctweb CapCC 'plugins.php' SQL Injection (1.0)

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.1.9)

MediaWiki CVE-2020-25813 Vulnerability (CVE-2020-25813)

Severity

Medium

Classification

CVE-2016-2044 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities