Description

show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.

Remediation

References

CVE-2012-4219

Related Vulnerabilities

Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)

Oracle Application Server Other Vulnerability (CVE-2007-2123)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5341)

WordPress Plugin Live Product Editor for WooCommerce Security Bypass (4.6.2)

WordPress Plugin Salon Booking System Cross-Site Scripting (7.9.3)

Severity

Medium

Classification

CVE-2012-4219 CWE-200

Tags

Missing Update Known Vulnerabilities