Description
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPFront User Role Editor Multiple Cross-Site Scripting Vulnerabilities (2.13)
WordPress Plugin Top 10-Popular posts for WordPress SQL Injection (2.4.3)
Nginx Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-1247)
WordPress Plugin Ajax Contact Form Cross-Site Scripting (1.0)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)