Description

phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

Remediation

References

CVE-2011-3646

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2006-6625)

MongoDb Incorrect Authorization Vulnerability (CVE-2020-7921)

Moodle Other Vulnerability (CVE-2015-3175)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3181)

WordPress Plugin Bad Behavior Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

Severity

Medium

Classification

CVE-2011-3646 CWE-20

Tags

Missing Update Known Vulnerabilities