Description

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.

Remediation

References

CVE-2013-4999

Related Vulnerabilities

WordPress 4.0.x Cross-Domain Flash Injection Vulnerability (4.0 - 4.0.21)

WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-6308)

WordPress Plugin Advanced XML Reader XML External Entity Information Disclosure (0.3.4)

Severity

Medium

Classification

CVE-2013-4999 CWE-200

Tags

Missing Update Known Vulnerabilities