Description

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

Remediation

References

CVE-2013-5000

Related Vulnerabilities

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.1)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913)

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-4782)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0788)

WordPress Plugin WP eCommerce SQL Injection (3.11.3)

Severity

Medium

Classification

CVE-2013-5000 CWE-200

Tags

Missing Update Known Vulnerabilities