Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Remediation

References

CVE-2011-0986

Related Vulnerabilities

MySQL Numeric Errors Vulnerability (CVE-2007-2583)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.14)

Internet Information Services Other Vulnerability (CVE-1999-1035)

WordPress Plugin Roomcloud Multiple Cross-Site Scripting Vulnerabilities (1.1)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6523)

Severity

Medium

Classification

CVE-2011-0986 CWE-20

Tags

Missing Update Known Vulnerabilities