Description
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
Remediation
References
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-7247)
MySQL CVE-2020-2790 Vulnerability (CVE-2020-2790)
WordPress Plugin Duplicate Page and Post Spam Injection (2.1.1)
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)
WordPress Plugin Download Manager Arbitrary File Deletion (3.2.50)