Description
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
Remediation
References
Related Vulnerabilities
MediaWiki CVE-2021-30159 Vulnerability (CVE-2021-30159)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (2.1.5)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)
WordPress Plugin Browser and Operating System Finder Cross-Site Request Forgery (1.1)