Description
phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.
Remediation
References
Related Vulnerabilities
Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)
WordPress Plugin Protected Posts Logout Button Security Bypass (1.4.5)
WordPress Plugin LISL Last-Image Slider TimThumb Arbitrary File Upload (1.0)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.4)