Description
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.
Remediation
References
Related Vulnerabilities
PostgreSQL Missing Encryption of Sensitive Data Vulnerability (CVE-2017-7485)
MySQL CVE-2021-35634 Vulnerability (CVE-2021-35634)
Oracle Database Server CVE-2018-2680 Vulnerability (CVE-2018-2680)
WordPress Plugin BezahlCode-Generator 'gen_name' Parameter Cross-Site Scripting (1.0)
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10899)