phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4998)

Description

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

Remediation

References

CVE-2013-4998

Related Vulnerabilities

WordPress Plugin MailPoet Newsletters (Previous) Security Bypass (2.8.1)

Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-37270)

WordPress Plugin My Tickets Security Bypass (1.9.11)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.14)

Severity

Medium

Classification

CVE-2013-4998 CWE-200