Description

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

Remediation

References

CVE-2013-4998

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5323)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25147)

WordPress Plugin WooCommerce Arbitrary File Deletion (3.4.5)

Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)

Joomla Other Vulnerability (CVE-2006-7008)

Severity

Medium

Classification

CVE-2013-4998 CWE-200

Tags

Missing Update Known Vulnerabilities