Description

phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.

Remediation

References

CVE-2011-0986

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.35)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4590)

WordPress Plugin Ajax Search Pro Security Bypass (3.5)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36625)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0)

Severity

Medium

Classification

CVE-2011-0986 CWE-20

Tags

Missing Update Known Vulnerabilities