Description

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

Remediation

References

CVE-2010-4481

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5320)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll Unspecified Vulnerability (1.5.8.5)

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5249)

WordPress Plugin Videos on Admin Dashboard Cross-Site Scripting (1.1.3)

Severity

Medium

Classification

CVE-2010-4481 CWE-287

Tags

Missing Update Known Vulnerabilities